Passwords are Reused 64% of the Time as the Number of Passwords to Remember Reaches Over 100

negligent password reuseNew data focusing on user cyber hygiene around password use shows users are repeatedly reusing passwords across multiple applications and environments, despite the rise in breaches.

The only thing worse than a weak password is a weak password that has been breached and that the user is still using! And it’s this negligent reuse of passwords that are the general findings of SpyCloud’s 2022 Annual Identity Exposure Report.

According to the report, 2021 saw a total of 1.7 billion exposed credential pairs (email address and password) across 755 breach sources. That represents a 15% increase from 2020 with only 1.4 billion. And there’s little excuse for individuals not knowing they are part of a breach; breach notifications are sent out in most every case and even browsers like Chrome (when passwords are stored within the browser) let the user know one or more of their passwords are insecure and part of a list of breached passwords.

When reviewing the email address / password pairs exposed in 2021, SpyCloud also found that users simply aren’t learning their lessons about using unique passwords per application:

  • 70% of users breached in 2021 were still reusing the same exposed passwords found in previous years’ breaches
  • 82% of users with at least 2 exposed credentials had exactly matching passwords in both breaches

With over 100 passwords to keep track of on the average, you’d think users would be using some form of a password manager. But, according to SpyCloud, only 22% use one and users admit to simply relying on memory.

Organizations need to take the risk potential of reused passwords seriously; cybercriminals take breached password lists and automate logons against all the major banks, productivity platforms, etc. in an attempt to gain access. Users can be taught better password hygiene through Security Awareness Training that will explain why they are at risk and how threat actors take advantage of reused passwords that may affect the user at work and in their personal life.

How vulnerable is your network to hacked user passwords?

25% of employees use the same password for all logins. What if that password is available on the dark web? A massive amount of passwords are compromised due to data breaches and used by cybercriminals for attacks. KnowBe4’s free Breached Password Test (BPT) checks to see if your users are currently using passwords that are in publicly available breaches associated with your domain. BPT checks against your Active Directory and reports compromised passwords in use right now so that you can take action immediately!

BPT-1Here's how it works:

  • Checks to see if your company domains have been part of a data breach that included passwords
  • Checks to see if any of those breached passwords are currently in use in your Active Directory
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews