LastPass today released results from its fifth annual Psychology of Passwords study, showing that despite increasing cybersecurity awareness, password hygiene has not improved. Regardless of the generational gap between Boomers, Millennials and Gen Z, the study reveals a false sense of password security given current behaviour across the board. Additionally, LastPass found that while 65% of all respondents have received some form of cybersecurity training — through school, work, social media, books, or courses through Coursera or edX — the reality is that 62% almost always or mostly use the same password or a variation of it.
The aim of the LastPass Psychology of Passwords research is to show how training and the use of password management can secure users’ online lives and transform unpredictable behaviour into real and secure password competence. The survey, which examined the password security behaviours of 3,750 professionals in seven countries, asked respondents how they think and behave when it comes to their online security. The results showed a clear discrepancy between high trust in password management and insecure actions. While the majority of professionals surveyed said they were comfortable with their current password management practices, that comfort does not lead to safer online behaviour and can create a false sense of security.
Key findings from the research include:
- Gen Z is confident when it comes to their password management, while also being the biggest culprit of poor password hygiene. As the generation that spent most of their lives online, Gen Z (1997-2012) considers their password methods to be “very secure”. They are most likely to create stronger passwords for social media and entertainment accounts compared to other generations.
However, although Gen Z is also more likely to recognize that using the same or similar password for multiple logins poses a risk, they use a variation of a single password 69% of the time, along with Millennials (1981-1996), who do so 66% of the time. On the other hand, Gen Z is the generation most likely to use memorization to keep track of their passwords at 51%, while Boomers (1946-1964) are the least likely to memorize their passwords at 38%.
- Cybersecurity education does not necessarily lead to action. With 65% of respondents reporting some form of cybersecurity training, the majority (79%) felt their training was effective, whether formal or informal. But of those who received cybersecurity training, only 31% have stopped reusing passwords, and only 25% started using a password manager.
- Trust creates a false sense of password security. While 89% of respondents acknowledged that using the same password or a variation is a risk, only 12% use different passwords for different accounts and 62% always or most of the time use the same password or a variation. Additionally, people are now increasingly using variations of the same password compared to last year, with 41% in 2022 versus 36% in 2021.
“Our latest research shows that even in the face of a pandemic where we’ve spent more time online in the face of escalating cyberattacks, people continue to be thrown off guard about protecting their digital lives,” said Christofer Hoff, chief secure technology officer for LastPass. “The reality is that while nearly two-thirds of respondents have some form of cybersecurity training, it is not put into practice for a variety of reasons. For both consumers and businesses, a password manager is an easy step to keep your accounts safe and secure.”