With credentials at the forefront of most cyberattacks, the need for strong, unique passwords is at an all-time high. Yet new data shows that users know what to do but don’t do it.
We’ve seen how the majority of phishing attacks target credentials, so it becomes increasingly important that a stolen credential only grants access to a single platform or application. That only works IF (and it’s a pretty big if!) users choose unique usernames and passwords for each and every system.
According to LastPass’ Psychology of Passwords report, users are somewhat apathetic about securing the organization through proper password hygiene:
- 51% of users rely on their memory to keep track of passwords, despite 79% agreeing that compromised passwords are concerning
- 65% always or mostly still use the same password or a variation, despite 92% admitting that they know using the same password or a variation is a risk
Now add in working remotely – something I’ve written about a number of times as not helping the organization’s security stance – and LastPass shows that users aren’t looking out for their organization:
- 47% have not changed their online security habits since working remotely
- 46% have not strengthened their passwords while working remotely
- 44% have shared sensitive information and passwords for professional accounts while working remotely
In short, users are not concerned (or are not made to be concerned) about password security. Security Awareness Training not only educates users about scams, phishing attacks, social engineering tactics, and the like, but also teaches them why they need to be vigilant, practice good password hygiene, and participate in the organization’s security.
This password problem can only be addressed by educating the user; Security Awareness Training is the key.