According to a new report done in partnership with Google, two-thirds of U.S. adults use the same password for multiple things—and that’s not even the worst security habit tech users have.
Passwords are really annoying to remember, and you have to use so many of them. And that creates a natural temptation to repeat passwords.
In fact, according to a recent study that The Harris Poll conducted in partnership with Google, roughly two-thirds of people repeat passwords for a wide variety of sites—from email clients to social networks to banks. And with the average consumer having around 27 accounts requiring some sort of password, any issue with those accounts could expose your identity to a massive attack surface.
According to Harris’ survey [PDF] of more than 3,400 U.S. adults, around 40 percent of respondents say they’ve run into a data breach of some kind, but despite that, many people can’t be bothered to take steps to protect themselves—just 37 percent of respondents use two-factor authentication, 34 percent change passwords regularly, and 15 percent use a password manager.
And sometimes, people use objectively bad passwords for whatever reason—with nearly 60 percent of people studied saying their birthday has been integrated into at least one password, 33 percent using a pet’s name, and 22 percent using their own name. And then there are the 24 percent of Americans who use passwords like “Password” or “123456” to protect their accounts.
As a part of National Cybersecurity Awareness Month, Google is taking steps to help fix this issue by creating a Password Checkup feature that will automatically check to see if your password is included in a database of breached passwords.
“We’ve found more than 4 billion usernames and passwords that have been exposed due to third-party breaches,” Google stated in a blog post. “If any of these are yours, attackers could have these passwords and access your information.”
Google’s offering is one of a few of its nature. The independent website Have I Been Pwned, run by security researcher Troy Hunt, can also be an effective way to track issues with data breaches, and it allows for searches by both email address and password. Additionally, popular tools such as 1Password and LastPass allow users to automatically generate new passwords for new accounts while not having to go to the trouble of remembering them.
But getting people to use them? That’s the hard part.