Most Victims Choose a Similar or Weaker Password after a Data Breach, Study Finds

Silviu STAHIE

June 03, 2020

Researchers from Carnegie Mellon University published a paper about people’s behavior after their passwords were compromised in a data breach, and the results are as bad as you can imagine.

One thing that becomes painfully obvious, especially to cybersecurity companies, is people’s unrivalled complacency when it comes to password management. A robust security solution can be undone by a single user who keeps reusing one password across all of their active online accounts.

The study looked at the effectiveness of password-related breach notifications and of the practices enforced after a breach. The most significant difference from earlier work is that this is not a self-reported survey, which should make the data more valuable and precise. Information from 249 participants was used to check how people changed their passwords following a data breach.

Out of 249 participants, 63 had accounts on breached domains. Only 33% of the 63 went on to change their passwords, and only 13% did so within three months of the announcement. Furthermore, most of them used similar or even weaker passwords.

Also, 21 of the 63 people affected changed passwords immediately after the breach announcement, but the quality of the new passwords left much to be desired. The same people also had, on average, 30 other passwords that were similar to the breached password.

Over the course of two years, 223 of the 249 participants changed their passwords, and 70% of these password changes resulted in passwords that were weaker or no stronger.

“Even when they changed their password on a breached domain, most participants changed them to weaker or equally strong passwords,” states the study. “And, regardless of whether participants changed their similar passwords within a month of the first change, their new passwords on the breached domains were on average more similar to their remaining passwords,” it continues.

The study concludes that password breach notifications are failing dramatically. They don’t seem to prompt enough people to change their passwords, and those who do tend to choose similar ones. Regulators should incentivize companies to use multi-factor authentication and to salt and hash stored passwords rather than keeping them in plaintext, to blunt credential-stuffing and rainbow-table attacks.
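The two defensive points above, a change-time check that rejects a new password too similar to the old one and salted hashing of what is stored, can be illustrated in a small policy check. This is an added example written for this article, not code from the study or from any vendor; the leet-substitution table, the 0.8 threshold and the sample passwords are constructed assumptions.

```python
import hashlib
import os
import re
from difflib import SequenceMatcher
from typing import Optional, Tuple

# Constructed table of the character swaps people commonly make when they
# "change" a password by tweaking it (an assumption for this example).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Reduce a password to its core: lower-case, drop a trailing run of
    digits/symbols (e.g. a bumped year), then undo leet substitutions."""
    core = pw.lower()
    core = re.sub(r"[^a-z]+$", "", core) or core
    return core.translate(LEET)


def similarity(old: str, new: str) -> float:
    """Similarity of the normalised cores in [0.0, 1.0]; 1.0 means identical."""
    return SequenceMatcher(None, normalize(old), normalize(new)).ratio()


def accept_change(old: str, new: str, threshold: float = 0.8) -> bool:
    """Policy check run at change time, the one moment the server briefly
    holds both plaintexts (the user supplies the current password to
    authorise the change). Rejects cosmetic variations of the old password."""
    return similarity(old, new) < threshold


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 for storage. A fresh 16-byte salt per
    password means two users with the same password get different digests,
    so a precomputed (rainbow) table built for one salt is useless elsewhere."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)
    return salt, digest


if __name__ == "__main__":
    # Constructed samples of the kind of "change" the study describes.
    for old, new in [("Summer2019!", "Summer2020!"),
                     ("P@ssw0rd", "Passw0rd1!"),
                     ("Summer2019!", "correct-horse-battery")]:
        verdict = "accepted" if accept_change(old, new) else "rejected"
        print(f"{old!r} -> {new!r}: similarity={similarity(old, new):.2f} {verdict}")
    s1, d1 = hash_password("Summer2020!")
    s2, d2 = hash_password("Summer2020!")
    print("same password, different salts, different digests:", d1 != d2)
```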
