BOSTON, Nov. 1, 2022 — LastPass today released findings from its fifth annual Psychology of Password findings, which revealed even with cybersecurity education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen Z, the research shows a false sense of password security given current behaviors across the board. In addition, LastPass found that while 65% of all respondents have some form of cybersecurity education — through school, work, social media, books or courses via Coursera or edX — the reality is that 62% almost always or mostly use the same or variation of a password.
The goal of the LastPass Psychology of Passwords research is to showcase how password management education and use can secure users' online life, transforming unpredictable behavior into real and secure password competence. The survey, which explored the password security behaviors of 3,750 professionals across seven countries, asked about respondents’ mindset and behaviors surrounding their online security. The findings highlighted a clear disconnect between high confidence when it comes to their password management and their unsafe actions. While the majority of professionals surveyed claimed to be confident in their current password management, this doesn’t translate to safer online behavior and can create a detrimental false sense of safety.
Key findings from the research include:
- Gen Z is confident when it comes to their password management, while also being the biggest offenders of poor password hygiene. As
the generation who has lived most of their lives online, Gen Z (1997 –
2012) believes their password methods to be “very safe.” They are the
most likely to create stronger passwords for social media and
entertainment accounts, compared to other generations.
However, Gen Z is also more likely to recognize that using the same or similar password for multiple logins is a risk, but they use a variation of a single password 69% of the time, alongside Millennials (1981 –1996) who do this 66% of the time. On the other hand, Gen Z is the generation most likely to use memorization to keep track of their passwords by 51%, with Boomers (1946 – 1964) the least likely to memorize their passwords at 38%.
- Cybersecurity education doesn’t necessarily translate to action. With 65% of those surveyed claiming to have some type of cybersecurity education, the majority (79%) found their education to be effective, whether formal or informal. But of those who received cybersecurity education, only 31% stopped reusing passwords. And only 25% started using a password manager.
- Confidence creates a false sense of password security. While 89% of respondents acknowledged that using the same password or variation is a risk, only 12% use different passwords for different accounts, and 62% always or mostly use the same password or a variation. To add to that, compared to last year, people are now increasingly using variations of the same password, with 41% in 2022 vs. 36% in 2021.
“Our latest research showcases that even in the face of a pandemic, where we spent more time online amid rising cyberattacks, there continues to be a disconnect for people when it comes to protecting their digital lives,” said Christofer Hoff, Chief Secure Technology Officer for LastPass. “The reality is that even though nearly two-thirds of respondents have some form of cybersecurity education, it is not being put into practice for varying reasons. For both consumers and businesses, a password manager is a simple step to keep your accounts safe and secure.”
For more information and to download the full Psychology of Passwords research findings, please click here.
LastPass commissioned the market research firm Lab42 to reveal the current state of password behaviors in the new era of remote work. The responses were generated from a survey of 3,750 professionals at organizations across a variety of industries in the United States, United Kingdom, Germany, Australia, Singapore, and Brazil. The survey asked the professionals surveyed about their feelings and behaviors regarding online security. The result? An increase in time spent online with continued poor password behavior and cognitive dissonance.
LastPass is an award-winning password manager which has helped more than 33 million registered users organize and protect their online lives. For more than 100,000 businesses of all sizes, LastPass provides password and identity management solutions that are convenient, easy to manage and effortless to use. From enterprise password management and single sign-on to adaptive multifactor authentication, LastPass for Business gives superior control to IT and frictionless access to users. For more information, visit https://www.lastpass.com. LastPass is trademarked in the U.S. and other countries.