3 min read

FICO Survey Shows 21% of People Reuse Five or Fewer Passwords on Multiple Services

Silviu Stahie

May 19, 2020

FICO Survey Shows 21% of People Reuse Five or Fewer Passwords on Multiple Services

User names and passwords are an essential part of security. A new survey, though, shows people, including employees, tend to reuse the same passwords across multiple online services, leaving both personal and work accounts vulnerable. 

The blurring of the boundary between work and personal life may have negative consequences for both people and the organizations they work for. Reusing credentials is a much bigger problem than people realize, the security of companies can be circumvented by attackers using real user names and passwords, making their intrusions much more difficult to spot. 

The reuse of credentials is closely related to another issue, that of using easy to guess passwords or phrases. Bad actors might use a dictionary attack, entering commonly used credentials, or a credential stuffing attack, where leaked credentials are tried until something works. 

A user could use the same password for a video streaming service at home and a Microsoft Office 365 account at work. If the video streaming service’s security is compromised and credentials are stolen, the work account is now compromised as well, even if the employee doesn’t know it. 

A recent FICO (Fair Isaac Corporation) survey in the United States shows that, on average, only 41% of users are happy to use usernames and passwords in security. Moreover, 21% of all people surveyed say they reuse five or fewer passwords across all of their accounts. 

The survey also unveiled some interesting statistics regarding the alternatives, especially in the banking and financial sector. For example, 65% of the people would be happy to provide their biometric identification, such as fingerprints, to the bank, although that percentage drops to 29% for eye scans and 37% for facial scans. 

Using the same credentials on multiple systems is just one reason companies are looking at other ways to log in to their services, such as passwordless logins, biometrics, and more.

Until that future arrives, uses should always consider using complex and unique passwords, and never reuse the same password twice.

tags


Author


Silviu Stahie

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.

View all posts

You might also like

Bookmarks


loader