People still haven’t learnt their lesson when it comes to passwords: they reuse breached ones and still pick weak ones.

Passwords are required for almost everything online, yet people are poor at changing them and often use the same password across multiple sites. Big Tech recognises the problem with passwords and is trying to fix it.

It seems people are struggling to remember their passwords.

People are not afraid to reuse the same password, or to pick popular ones, a new report from security firm SpyCloud shows. The report finds that 64% of people used a password exposed in one breach for other accounts. That figure is based on 1.7 billion username and password combinations gathered from 755 leaked sources in 2021.

Firstly, if a password has been breached and a person reuses it for other online accounts, this poses a serious security problem: once a password has been compromised, attackers can use it to access that person’s other accounts.

Secondly, weak passwords still turn up everywhere as old habits persist: “123456”, “qwerty”, “admin” and “password”, for example.

In addition, passwords based on popular culture have had a huge uptake, according to SpyCloud: for example, names taken from streaming services such as Netflix and Disney+, like Loki, Falcon and Wanda.

Meanwhile, in a recent deep dive into publicly available breaches from 2021 and earlier, well over half of the exposed passwords, 64% in fact, were still in use, and across multiple sites.

However, SpyCloud has an unusual definition of password reuse, so its figures only reveal likely trends. It cross-correlates the credentials it collected from a leak at one point in time with subsequent leaks it had access to, and counts a match whenever the same username and password combination is observed in more than one breach. That does not necessarily mean the same people were still using the same password.

SpyCloud does note, however, that, “For users we can tie to breach exposures in 2021 and prior years with the same email address or username explored, 70% were still reusing the same exposed passwords.”
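To make the difference between those two measures concrete, here is an added example (not SpyCloud’s code or method) that computes a reuse rate two ways over a small constructed set of leak records: once by counting identifier-and-password combinations that recur across leaks, and once by counting accounts tied across leaks by the same identifier that kept an exposed password. It also tallies the most common password values, the “123456”-style picks mentioned above; all identifiers and passwords are constructed and in plaintext purely for readability.

```python
from collections import Counter, defaultdict

# Constructed sample leak data (not real breach records): source -> [(identifier, password)].
# Plaintext is used only so the illustration is readable.
LEAKS = {
    "shop-a-2020": [("alice@example.com", "Loki2021"), ("bob@example.com", "123456"),
                    ("carol@example.com", "hunter2")],
    "forum-b-2021": [("alice@example.com", "Loki2021"), ("bob@example.com", "qwerty"),
                     ("dave@example.com", "123456"), ("erin@example.com", "hunter2")],
    "game-c-2021": [("alice@example.com", "Loki2021"), ("carol@example.com", "Wanda!"),
                    ("frank@example.com", "password")],
}

def combination_reuse_rate(leaks):
    """Share of distinct (identifier, password) pairs seen in more than one leak.
    This is the cross-leak matching described in the text: a pair counts as reused
    when it recurs in a later leak, whether or not the account holder ever changed it."""
    sources = defaultdict(set)  # (identifier, password) -> leaks it appeared in
    for src, rows in leaks.items():
        for ident, pw in rows:
            sources[(ident, pw)].add(src)
    reused = sum(1 for srcs in sources.values() if len(srcs) > 1)
    return reused / len(sources) if sources else 0.0

def user_reuse_rate(leaks):
    """Share of identifiers exposed in more than one leak that kept an exposed password.
    Closer to the per-user figure quoted above: accounts are tied across leaks by the
    same identifier, and count as reusing only if one of their passwords recurs."""
    records = defaultdict(list)  # identifier -> [(source, password), ...]
    for src, rows in leaks.items():
        for ident, pw in rows:
            records[ident].append((src, pw))
    multi = [recs for recs in records.values() if len({s for s, _ in recs}) > 1]
    if not multi:
        return 0.0
    reusing = 0
    for recs in multi:
        per_pw = defaultdict(set)  # password -> sources it was exposed in for this user
        for src, pw in recs:
            per_pw[pw].add(src)
        if any(len(srcs) > 1 for srcs in per_pw.values()):
            reusing += 1
    return reusing / len(multi)

def top_passwords(leaks, n=3):
    """Most common password values across all leaks (the '123456'-style weak picks)."""
    return Counter(pw for rows in leaks.values() for _, pw in rows).most_common(n)
```

Over the constructed data, combination_reuse_rate returns 0.125 (one of eight pairs recurs) while user_reuse_rate returns 1/3, because only alice@example.com keeps the same password across leaks; bob and carol also appear twice but with different passwords each time.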

So, even though the report isn’t exact, SpyCloud makes some good points about the trends. Firstly, people have a lot of online accounts and trouble remembering strong passwords, so they pick weak ones they can remember. Secondly, most people are not using password managers on Windows, macOS and Android. Apple has Keychain, a built-in password manager, whereas Windows, macOS and mobile devices can use third-party apps such as LastPass and Dashlane.

Above all, the best solution to all this is multi-factor authentication (MFA). MFA adds a second layer of protection, so your account stays protected even if your password has been compromised: the attacker needs another code, not just your password, and one from the legitimate user’s smartphone at that.

However, it seems we’re slow to implement MFA: only 22% of enterprise customers that can implement it actually do. Microsoft has also shared that 99% of the Microsoft accounts that were compromised had not implemented MFA.

It’s of course a human problem not to remember your passwords; even top engineers at Microsoft struggle with them. We all do. As a result, Microsoft dropped its Windows policy requiring passwords to be changed every 60 days about three years ago, because we forget the new one, or the new password is so like the old one with only minor changes. So it doesn’t make sense to make people change them.

The problematic password is an ongoing issue that requires a lot of thought from the Big Tech companies to solve. Meanwhile, people must use strong passwords, or MFA, for the time being so we can stop being easy pickings for hackers.
