Survey: Majority of Americans Reuse Passwords and Millennials Are the Biggest Culprits

Irvine, Calif. – July 19, 2017SecureAuth Corp., the leader in adaptive access control, today announced results of a survey that reveal Americans’ online security anxiety is real, but their password practices remain sloppy. The report says Americans are much more likely to be concerned with their online personal information being stolen (69 percent) than their wallet being stolen (31 percent).

The survey, conducted in conjunction with Wakefield Research, also found that Americans are breaking some of the most basic rules of online security. Despite the commonly known rule to vary account passwords, 81 percent of people surveyed use the same password for more than one account, and this increases among millennials where 92 percent say they use the same password across multiple accounts. Shockingly, more than a third (36 percent) report they use the same password for 25 percent or more of their online accounts.

 

Poor Password Hygiene Leads to Online Attacks

The survey revealed most Americans (91 percent) who have had an online account breach have felt the severe repercussions. These include:

  • Spam messages sent from an account – 42 percent
  • Account lockout – 38 percent
  • Money stolen through a withdrawal or unauthorized purchase – 28 percent
  • Personal information, such as a social security number or date of birth, stolen – 19 percent
  • Sensitive personal files, such as photos or tax records, made public – 19 percent

“It comes as no surprise that there is a direct result of users’ poor password habits and users experiencing the consequences of a breach,” said Jeff Kukowski, CEO of SecureAuth. “We know attackers are having great success with breaches involving the misuse of stolen or weak credentials. These survey results solidify what experts in identity security know to be true: Organizations need to strengthen their security posture but also provide a seamless customer experience. It is important the security solutions employed strike the right balance. Since many consumers are not taking security into their own hands, it’s important for organizations to protect customer data, giving customers confidence that their data is being taken care of while still providing an ease of use to their service.”

 

Consumers Access Security Intent vs. Consumer Access Security Reality

Although consumers consistently make themselves vulnerable by reusing the same password, a majority (86 percent) say they would use two-factor authentication (2FA) if an online account made the option available. However, there could be a vast difference between what users say they would do with good intent, and what users would actually do. Two-factor authentication is well known to cause user disruptions to routines with continued authentication demands. And the security implements aren’t any better. In fact, high-profile breaches that continue to create headline news –such as the Yahoo, LinkedIn and OneLogin breaches – have shown that many 2FA and basic multi-factor authentication methods, such as knowledge-based questions and SMS-based one-time passwords, are being circumvented by attackers in well-crafted phishing attacks and simple social engineering.

The survey results also revealed that 75 percent of Americans believe a portion of their personal online accounts are protected by 2FA. This includes, banking/financial (52 percent), email (39 percent), and social media (27 percent). 

“Attackers are continuously bypassing 2FA and simple multi-factor authentication methods using unsophisticated tactics and walking through the front door with users’ credentials,” Kukowski said. Organizations must deploy methods to better secure consumers and see potential credential-related threats without relying upon the users themselves. Adaptive access control and identity-based detection techniques such as, geo-location, device recognition, and phone number fraud prevention work invisibly to the user simultaneously strengthening security and providing a positive customer experience. While enabling the business, this modern approach protects and detects attacker’s attempts and prevents the misuse of stolen credentials. After all, it is in everyone’s best interest – from consumers to organizations and the government – to make it difficult for attackers to cause damage to the U.S. economy.”

 

Survey Methodology

The SecureAuth Survey was conducted by Wakefield Research among 1,000 nationally representative U.S. adults, ages 18+, between May 17 and May 24, 2017, using an email invitation and an online survey. See the results in an infographic

 

About SecureAuth

SecureAuth is the leader in adaptive access control solutions, empowering organizations to prevent the misuse of stolen credentials. SecureAuth has been providing SSO and MFA solutions for over a decade. For the latest insights on adaptive access control, follow the SecureAuth blog; follow @SecureAuth on Twitter and LinkedIn.

 

 

 

SecureAuth Identity Platform Adaptative Authentication

Identity and Access Management

Empower your digital initiatives with secure access for everyone and everything connecting to your business

Product Features

Adaptive Authentication

Extend verification of a user identity with contextual risk checks

Multi-Factor Authentication

Leverage a broad portfolio of authentication factors for desktop and mobile

Intelligent Risk Engine

Protect your identities with advanced risk profiling analytics

Single Sign-On

Provide app discovery and one-click login through portal or desktop SSO

User Lifecycle Management

Enable admins with strong CRUD capabilities and users with self-service tools

Secure All Identities

CIAM

Customer Identities

Deliver a frictionless customer experience safeguarding user data and privacy

B2E

Workforce Identities

Govern and control access rights for employees, partners, and contractors

SecureAuth Authenticate App

Passwordless MFA client with
Symbol-to-Accept. Stronger security.

Moving Beyond Passwords

Learn how passwords alone no longer provide the appropriate level of protection, nor confidence, required to secure valuable resources

Initiatives

Passwordless Authentication

Reduce the risk of breaches by eliminating passwords

2FA is Not Enough

Block popular phishing and brute force attacks used by bad actors

Protecting Office 365

Extend adaptive authentication and flexible MFA to all apps including Office 365

Securing Portals and Web Apps

Balance strong security and an exceptional user experience

RSA Migration

Transition to a modern identity and access management solution

Industries

Healthcare

Financial Services

Retail

Energy and Utilities

Public Sector

Resources

White Papers

eBooks

Recorded Webinars

Analyst Reports

Innovation Labs

Documentation

Support Portal

Events & Webinars

Events

Webinars

Calculate Your Savings

Lower support costs by enabling your users the control to reset passwords, account unlocks, device enrollment and update profiles

Meet SecureAuth

About SecureAuth

Careers

Contact