Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/29/2020
01:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Americans Find Password Management as Stressful as Retirement

New research by NordPass explores people's password managing habits.

Password management can be as stressful as planning for retirement, reveals new research by NordPass. More than 30% of people think that resetting and coping with passwords is hugely stressful, and can be compared to the stress of ceasing to work. 

However, losing a vital password without a password reset option is far more stressful. 67% of the respondents agreed that it’s as stressful as dismissal from work or changing jobs.

Data breach and identity theft were deemed even more stressful. 76% of respondents compared data breach to personal injury, illness, and financial problems. 80% compared identity theft to having personal documents stolen or losing a wallet.

Too many passwords
Why is password management so difficult? 66% of the survey respondents say that it’s because they simply have too many accounts to manage. 41% can’t remember which password is for which account, and 38% can’t remember because they use unique ones for every account. 

“It is not surprising that people struggle with effective password hygiene. Our study revealed that 7 out of 10 respondents in the US have more than 10 password-protected accounts for personal use. 2 out of 10 have more than 50 such accounts. On top of that, add all work and school-related accounts, and it ends up being a huge amount of information,” says Chad Hammond, security expert at NordPass.

Not all accounts are the same
NordPass research also confirmed that people view some accounts as more important than others. For example, 82% of people think it would be very harmful if their bank accounts get hacked. 73% agree that having their personal email hacked would be extremely damaging, and 71% feel that way about large online store (such as eBay or Amazon) accounts. In comparison, only 45% of people perceive it harmful if online forums (such as Reddit or Medium) or fitness apps get hacked.

“People tend to worry about financial accounts more. But it’s important to remember that if you use weak or repurposed passwords, it doesn’t matter which account gets hacked. In essence, all accounts become jeopardized,” says Chad Hammond, security expert at NordPass.

Sadly, even the most critical accounts are left insufficiently secured. For example, only 53% use a unique password to protect banking or other financial accounts. Similarly, only 46% protect their personal email account with a unique password.

Even cybercrime victims don’t take appropriate actions

Out of all the people surveyed, 22% have been victims of cybercrime. Out of all victims, 57% consider themselves tech-savvy, 48% are between the ages of 25 and 44, 15% are business owners, and 12% are managing directors.

"We started seeing a pattern when comparing the data of cybercrime victims and those who have never fallen prey. People who have been hacked tend to have more password-protected accounts. They’re also more ready to admit it’s extremely challenging to manage them," says Chad Hammond, security expert at NordPass.

The study also reveals a different attitude towards passwords by those who have been affected by cybercrime. “Victims become more concerned about their email, forums or entertainment, communication, health apps’ accounts. They also acknowledge the necessity of strong passwords for these accounts more often. However, they don’t seem to take any action. Victims of cybercrime don’t tend to secure their accounts with unique passwords more often than those who haven’t experienced cybercrime,” says Chad Hammond, security expert at NordPass.

Methodology: Password manager NordPass anonymously surveyed 700 people in the US to find about consumers’ password habits as well as understand how much of a burden password managing is to most people.

ABOUT NORDPASS
NordPass is a new generation password manager shaped with cutting-edge technology, zero-knowledge encryption, simplicity, and intuitive design in mind. It securely stores and organizes passwords by keeping them in one convenient place. NordPass was created by the cybersecurity experts behind NordVPN - one of the most advanced VPN service providers in the world. For more information: nordpass.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13768
PUBLISHED: 2020-06-04
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
CVE-2020-13849
PUBLISHED: 2020-06-04
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE-2020-13848
PUBLISHED: 2020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2020-11682
PUBLISHED: 2020-06-04
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request ...
CVE-2020-12847
PUBLISHED: 2020-06-04
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console� that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the applicat...