If there's anything we repeat constantly at PCMag, it's the need for everyone to take cybersecurity seriously. And while that is arguably on the upswing, a large swath of the populace is ignoring best practices—especially when it comes to passwords.
The numbers above from our recent survey of 1,041 adults age 18 or older in the US say it all. A full 70% of the respondents admitted they use the same password for more than one thing—sometimes (25%), most of the time (24%), or all of the time (21%). If you don't know why that's bad, read on: When someone gets your password for just one service, they have your password for everything. Since most online accounts assign your email address as a username, it doesn't take Mr. Robot to crack that code.
How would a cyber-crook get your passwords, you wonder? Thirty-six percent of our respondents said they physically write down passwords, and 24% keep them in notes stored electronically. Both of these methods make stealing passwords too easy—witnessed out of the corner of some criminal's eye, for the love of Snowden.
Of course, you can't beat memorizing. Almost half of those surveyed said that's their preference. It's the most secure method of all, unless you're afraid of having the info tortured out of you, Bond-style. In that case, we highly recommend you use a password manager. Sadly, only one-third of respondents said they use a password manager—a software program that will store and even create strong passwords for you. But we'll continue to trumpet their use until that number goes up. (The numbers above don't add up to 100%, since people use a mix-and-match approach to tracking passwords.)
Another reason to use password managers is they make it very easy to change passwords into something stronger. The majority of people said they change passwords every four to six months. Our guess is that anyone saying they do this even once a year has had it forced upon them rather than done it by choice. The 26% claiming they don't regularly change passwords are likely being the most honest.
Microsoft is moving people away from passwords entirely. This strategy may catch on with other services, but it's not necessarily an improvement, since it's simply removing the first factor of authentication (the password) in favor of the second (an authorization code). That means if someone steals your phone, they can get access even more easily to your Microsoft account (assuming they have the PIN for your phone). But that's a whole different article.
We asked the respondents not only about their passwords but also about their victimhood—as in, how many had been a victim of a cybercrime. While 46% said they'd never been a victim, the other 54% said they had. The breakdown of cybercrimes: credit card fraud, 27%; malware, 18%; ID theft; 17%; phishing attacks, 16%; and ransomware, 9%. Did a bad password pave the way for all these crimes? No more than leaving your doors unlocked means you'll be burgled, but why tempt fate?
Finally, we asked about what protection people use when online. It was a relief to see that 53% use antivirus software, even though Windows has it built into the operating systembuilt into the operating system. The number should be much higher—unless everyone taking the survey happens to be on Macs or iPhones only. Chances are that the majority of respondents are probably using antivirus without even realizing it.
VPNs and privacy-focused browsers/modes make a good showing, though. Hopefully, stats like those above will drive a few more people to make more security-conscious tech decisions. For more, read How to Get Google to Quit Tracking Your Location and How to Prevent Web Tracking on Your Favorite Browser.