As the US has become a much more digital world, password habits have not changed to meet the current climate. The recent remote work trend caused by the pandemic has changed password habits for only 17% of Americans. Based on our research, 80% have not changed their habits, with men twice as likely to have changed compared with women (23% vs. 10%). More than half of consumers have up to ten accounts that require passwords, and familiarity with current security terms such as malware and spyware are common. Still, little is being done to protect themselves against scams.
- Only 33% of Baby Boomers, and 28% of all consumers, use different passwords for everything.
- 8% of consumers never change their passwords, and 31% only change a password when they are notified of a security problem.
- Generation Z (the youngest consumers) are least security-focused, least likely to change passwords, and most likely to have fallen victim to scams most recently.
- 23% of consumers are not familiar with 2-Factor Authentication, including 38% of Boomers, and only 21% of all consumers take advantage of 2FA when available.
- 20% of all consumers do not know what happens to their accounts if they dieunexpectedly.
Consumers Continue To Put Personal Life and Business at Risk by Using the Same Passwords for Both Home and Work
Our recent survey of 1,010 US consumers reveals that 32% segregate sensitive accounts (think banks, investments, etc.) for password use. However, a sizable 39% use the same passwords more than once, and 33% use the same password for personal and work accounts. Of note, however, only 28% use different passwords for everything, led by Baby Boomers at 33%. Women are more likely to use different passwords than men (72% compared with 62%) as well as those without children. Those with higher incomes ($150k+) and 50% of younger consumers are more likely to use the same password for both work and personal than lower incomes and older consumers, putting them at higher risk.
Passwords Continue To Be Created Out of Convenience Over Security
Over half of consumers create passwords that are easy to remember, and 23% because they are easily typed or entered on a keyboard or smartphone. 73% report choosing their password for security purposes, although the numbers of repeated passwords does not bear this out. Half of passwords are between 8 and 10 characters, and 84% believe their passwords are sufficiently complex (although this is self-reported). 74% believe their passwords are secure.
Changing Passwords Is a Haphazard Occurrence
Among all consumers, 8% never change their passwords. 42% change their passwords at least once a year, but 31% do not change passwords unless notified of a security problem. This leaves nearly one-third of consumers at the mercy of companies to monitor their internal networks and notify customers after a security issue. Even worse, 60% report sometimes or regularly forgetting their passwords. What do consumers do to remember their passwords? 41% of all consumers, 62% of Generation Z (the youngest consumers), and 48% of men use their memory only, and 43% still rely on paper (62% of Boomers and 49% of women). 14% use email for password storage, which is not secure, 20% use their browser’s saved password feature, and only 4% use a password manager, although 57% say they understand how a password manager works (40% of Boomers and 69% of men).
Use of 2-Factor Authentication Is Correlated To Consumer Age
Overall, 21% of consumers use 2-factor authentication (2FA) every time a website offers it. 50% use it at least part of the time. 23% of consumers do not know what 2FA is, including 30% of women. The younger consumers (Gen Z and Millennials) are most likely to use 2FA (63%), and Boomers least likely (31%). Part of this pattern may be related to a lack of smartphone usage by the older generation (14% of Boomers do not have a smartphone compared with less than 1% of Gen Z). Smartphone access processes are not secure (do not use a password, pin or biometrics) for 14% of all smartphone users, including 21% of Boomers.
Sharing Login Information With Others Is Common Among Younger Consumers
Overall, 52% of consumers have shared their login to one or more accounts, with 34% sharing with spouses or partners. Gen Z consumers are most likely to be loose with their login, with 61% having shared a login compared with 41% for Boomers. Of those who have shared their login, 90% have shared within the past year and 80% in the past six months. 18% of all consumers, and 22% of Boomers, expect their spouse, partner or family member to handle their password account(s) if they die unexpectedly.
Employer Security Training Is Lacking
Only one-third of employers routinely provide regular security training. With 63% of employees working from home due to the pandemic, 75% of remote workers have received additional security training from their employer regarding data security while working from home, 12% of it informal. 25% did not receive any additional training.
Despite a Lack of Password Security, Knowledge of Security Scams Is Reported as High
Over 70% of consumers report being familiar with malware and spyware concepts, with 26% having been attacked by these scams. Men are twice as likely to have been victims (34% vs. 17%) than women. Of those who have been victims, 40% have been within the past six months. 28% have had their account compromised, and 29% have been victims of a data breach. 38% of consumers state they have never been victims of account compromise or data breach, but password habits are still lacking for most.
Overall, consumers are aware of the concerns, but that has not done much to change their behavior or password habits. Both men and younger consumers take too many chances, and a number of them are victims each year. Employers need more security training, and consumers need to be taught the basics of password choice and the technologies available to lessen the impact.
This study was conducted for ScoreSense© using the online portal by PeopleFish. Surveys were collected in January 2021 among a sample of 1,010 consumers in the United States aged 18+. The margin of error for total respondents is +/-3.1% at the 95% confidence level.