Passwords protect a gateway to knowledge. Whether it be online banking tools, mortgage or utility payments for individuals and families, or email servers, networks, and electronic warehouse databases for organizations, passwords are personal safety mechanisms to provide entry for some and deterrence for others.
To gain a better grasp on how passwords are used and protected by Americans, adaptive access control company SecureAuth Corporation, in partnership with Wakefield, a market research firm, conducted an online survey of 1,022 US adults, ages 18 and over.
The survey revealed that Americans tend to participate in unsafe password conduct.
Craig Lund, CEO at SecureAuth, told Homeland Security Today that a password can be used for unlocking a lot more than just Facebook and email accounts—it can be the key to unlocking personal security.
“And yet, Americans continue to put themselves at risk,” Lund said. “According to our survey, more than 1 in 3 remember their passwords by writing them down on paper, and 1 in 4 use the same password for multiple accounts.”
The results revealed that Americans in general become frustrated with standard online password methods, leading to carelessness; this happens most often with those who choose to write their password down.
“We understand passwords can be frustrating, but it’s important individuals exercise caution when it comes to protecting information,” Lund explained. “To avoid data theft, all individuals should look to add additional layers of security. This means combining a strong password with two-factor authentication. To be really effective, it needs to be used in conjunction with other risk analysis factors and not as the only form of defense.”
The report further revealed that 74 percent of those who responded to the survey relied on some method, other than memorization, to recall their online passwords. Some blamed the need to utilize additional methods on the following:
- Keeping up with different password requirements across accounts – 29 percent
- Meeting complex password requirements – 18 percent
- Needing to change it regularly – 15 percent
- Getting locked out for too many incorrect attempts – 12 percent
Recent high-profile security breaches, such as the breach of Sony Pictures Entertainment and the attack on the Office of Personnel Management, have done little to deter people from participating in such behavior.
“Cyberattacks cost millions of dollars a year, hurt individuals, and lead to long, drawn-out lawsuits,” Lund stated in the report. “Just ask the FBI, Target or Internal Revenue Service. It’s in everyone’s best interest to make it difficult for attackers to cause damage – now we just need to reframe what defines safe when connected online.”
Password security is not isolated to any specific industry, which is why concerns over password usage and safety are universal. The White House has taken notice of this important subject matter, and in early 2016, released the Cybersecurity National Action Plan (CNAP) to encourage guidelines for the federal government, private industry, and private citizens.
“On the federal front, things are even more delicate,” Lund stated. “Many government officials handle incredibly critical and sensitive data. In order to determine if the user logging in to a network is legitimate, organizations need to confirm their identity with the strongest form of access control making use of adaptive multi-factor authentication.”
“Advances in multi-factor authentication have brought to market a number of options that help users stay both secure and productive by layering multiple techniques, such as device recognition, geo-velocity, geo-location or IP reputation, to continuously contextualize elements for accurate user authentication,” Lund added.
CNAP can only provide so much support. Americans must make an honest effort in looking to improve their overall Internet safety and the confidentiality of the passwords they use.
The report found some ways to do this include:
- Steering clear of password reuse across multiple sites
- Setting up a password manager to help manage complex passwords
- Where possible, enabling two-factor authentication on any website or web-based application
“Inherent risks come with relying on using passwords alone to protect valuable data – and the proof is in the pudding as we’ve seen attacker after attacker compromise credentials and use them to their advantage,” said Lund. “By layering adaptive multi-factor authentication techniques, organizations and individuals alike can further strengthen their defenses against cyber adversaries.”