
Password Behavior: How to Secure Your Accounts Better


LastPass, a password management software company, recently conducted a survey on password behavior.  The responses from 3,250 global respondents revealed poor password hygiene.

Nearly half (44%) of the respondents stated that they reuse passwords or similar passwords on multiple sites.  While most (91%) stated they know they should not do this, it still happens.  Some people feel trying to remember a billion passwords is impossible with the timeouts that take place for incorrect passwords.  Some feel their accounts are not worth much to hackers (41% of respondents), so why bother?

However, if there is a breach where a hacker knows one password, that means he or she can then try it on other accounts and likely gain access.  Maybe an Amazon account doesn’t seem like too big of a deal, but banking accounts are something entirely different!

Trying to remember them can be hard; 60% said they were afraid of forgetting their login information.  And 54% said they memorize them, which doesn’t work out so well when it comes to remembering which password goes with which account.  Another 25% said they reset their passwords about once a month because they keep forgetting them.

That means if people aren’t reusing their passwords, they are probably writing them down somewhere.  Hopefully it’s not on sticky notes on their monitors or on their desks.  That is another disaster waiting to happen if someone comes by and takes a quick picture for later use.

Another problem is that people tend to ignore or forget about breaches.  Over half (52%) said they haven’t changed their passwords in the last 12 months, even after a known breach.  This might be going back to the fact that many people don’t think their accounts matter that much to anyone other than themselves.

A third issue is that we as a species are very predictable; we are creatures of habit, we like our routines, and for the most part we don’t like change.  About a quarter of respondents (22%) said they could guess their significant others’ passwords.  Of course, when people use “password1234”, that makes it pretty easy for a person to guess and really easy for a hacker’s program to guess.  People generally use things that are sentimental in their passwords, like their dog’s name, or their kids’ birthdate, or their anniversary.  The anniversary one does double duty for the people who forget to buy their significant other a gift once a year.

The issue with the use of such passwords is that a lot of the information is public knowledge, and with the internet, so much information can be found.

Not everything is doom and gloom.  People are using multi-factor authentication (MFA) for personal accounts (54%) and banking accounts (62%), and biometrics (65%).  MFA is not being utilized that often on business accounts (37%).  Also, 69% of respondents use stronger passwords on their banking accounts and 47% on their email accounts.

The information from this LastPass survey can help guide password best practices.  Another good resource is NIST SP 800-63B Digital Identity Guidelines.
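As an added illustration (not code from LastPass, NIST, or the original post), here is a sketch of the kind of screening a sign-up form can apply to the predictable choices described above. The blocklist, repeated/sequential-character and context-specific-word checks follow the comparison guidance in NIST SP 800-63B; the personal-date check is an extension based on the birthdate and anniversary habit mentioned earlier. All names, the word list and the user context are hypothetical, constructed samples.

```python
import re
from datetime import date

MIN_LENGTH = 8  # minimum length for user-chosen passwords in NIST SP 800-63B
# Constructed sample; a real verifier loads a large breached-password corpus.
COMMON = {"password", "qwerty", "letmein", "welcome", "iloveyou"}
UNLEET = str.maketrans("013457@$!", "oieastasi")  # undo common substitutions

def has_run(s, n=4):
    """True if s has n+ repeated or sequential characters (aaaa, 1234, dcba)."""
    for step in (0, 1, -1):
        run = 1
        for a, b in zip(s, s[1:]):
            run = run + 1 if ord(b) - ord(a) == step else 1
            if run >= n:
                return True
    return False

def date_forms(d):
    """Digit strings people derive from a date, e.g. 0614, 1406, 061415, 2015."""
    mm, dd = f"{d.month:02}", f"{d.day:02}"
    yy, yyyy = f"{d.year % 100:02}", str(d.year)
    return {mm + dd, dd + mm, mm + dd + yy, dd + mm + yy, mm + dd + yyyy, dd + mm + yyyy, yyyy}

def screen(password, words=(), dates=()):
    """Return a list of reasons to reject `password`; an empty list means accept."""
    reasons = []
    low = password.lower()
    plain = low.translate(UNLEET)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    # Base word left once trailing digits/symbols are stripped: password1234 -> password
    if re.sub(r"[\d\W_]+$", "", low).translate(UNLEET) in COMMON:
        reasons.append("common password")
    if has_run(low):
        reasons.append("repeated or sequential characters")
    for w in words:  # context-specific words: pet or family names, username, service name
        if len(w) >= 3 and (w.lower() in low or w.lower() in plain):
            reasons.append(f"contains personal word '{w.lower()}'")
    digits = re.sub(r"\D", "", password)
    if any(form in digits for d in dates for form in date_forms(d)):
        reasons.append("contains personal date")
    return reasons

# Constructed user context: pet name, username, anniversary date.
CONTEXT = dict(words=["Rex", "jsmith"], dates=[date(2015, 6, 14)])
if __name__ == "__main__":
    for pw in ["password1234", "P@ssw0rd!", "R3x061415", "tundra-vellum-okapi-93"]:
        print(pw, "->", screen(pw, **CONTEXT) or "accepted")
```
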

Last but not least, this is a friendly reminder to check out those default passwords.  Those are easy finds and something that our penetration testers look for on a regular basis.
