Americans' Password Habits Put Organizations at Risk

A recent study reveals that most Americans use short, uncomplicated, and often predictable passwords - a bad habit that can also put their employers at risk.

That is the finding of an annual report on password strategies by Security.org, a team of security experts, advisors, and researchers. The researchers asked 750 Americans to share their password strategies and security habits. Their data shows that Americans are more concerned with creating easy passwords than with improving their security posture.

Here are some key findings:

  • Nearly half (45%) of Americans use passwords that are eight characters or fewer.

  • 25% of Americans share their personal passwords with other people.

  • Just 15% of Americans use strong password generators. 

And where do people get the inspiration for their passwords? Well, here are some key findings on Americans’ password “inspiration”:

  • 21% of Americans have used Trump or Biden as part of their password in 2020. More Americans use Trump (12%) than Biden (9%).

  • 14% use “COVID” in their password.

  • Nearly 20% admit to dropping an f-bomb or other curse word as part of their passwords.

  • Pets are pretty popular too. More people use their pet’s name as part of a password than a parent’s name, child’s name, last name or friend’s name.

America’s password problem may lie in the fact that more of us (37 percent) rely on the old-fashioned “memory” than any other technique for storing passwords.

How This Affects Organizations

Unfortunately, bad password habits don’t stop at the door to the office. These security practices transfer to the organization through employees’ corporate accounts. 

While multi-factor authentication has become more common, most organizations still rely heavily on passwords to control access to sensitive information. And employees do a lot that puts that critical information at risk.

Best Practices for Organizations

  1. Have an enforced password policy that dictates minimum password length and complexity. Long, strong passwords with a mix of numbers, letters and special characters are hardest to crack.

  2. Use Multi-Factor Authentication wherever possible. This extra layer of security might use a code texted to your phone, a verification app, or even a fingerprint or facial recognition to sign in.

  3. Consider investing in a corporate password manager. With only one password to keep track of - coupled with multi-factor authentication - your employees can focus on creating strong passwords rather than ones they can remember. 
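
One way to enforce practice 1 in code, as an added example (not from Security.org or Kotman Technology): a checker that applies a minimum length, a character mix, and a denylist of the predictable terms from the survey findings, including spellings with common character substitutions. The 12-character minimum, the substitution map, the function name, and the sample pet name are assumptions.

```python
import re

# Assumption: the page only says "minimum length"; 12 is chosen here so that
# the "eight characters or fewer" passwords from the survey always fail.
MIN_LENGTH = 12
# Predictable terms reported in the survey findings above.
SURVEY_TERMS = {"trump", "biden", "covid"}
# Undo common character substitutions so "C0v1d" still matches "covid".
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "@": "a", "$": "s"})
# The mix of numbers, letters and special characters from practice 1.
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def check_password(password, personal_terms=()):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # Check the denylist against the password as typed and with substitutions undone.
    lowered = password.lower()
    forms = (lowered, lowered.translate(SUBSTITUTIONS))
    # personal_terms: names on file for the user (pet, child, last name, ...).
    banned = SURVEY_TERMS | {t.lower() for t in personal_terms if len(t) >= 3}
    for term in sorted(banned):
        if any(term in form for form in forms):
            problems.append(f"contains predictable term '{term}'")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; "Rex" stands in for a pet's name.
    samples = ["Covid2020", "B1den-Wins-2020!", "Rex!Rex!Rex!2020",
               "plum-Gravel7-otter-Kiln"]
    for candidate in samples:
        result = check_password(candidate, personal_terms=["Rex"])
        print(f"{candidate!r}: {'; '.join(result) if result else 'OK'}")
```

A check like this belongs at the point where passwords are set or changed, so a rejected password never reaches the account store.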

At Kotman Technology, we recommend Dashlane to all of our clients. Not only is it the most secure choice, but it’s also incredibly affordable for businesses of all sizes. Dashlane also offers individual memberships completely free of charge.


Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.
