HSB Survey Finds Passwords Not so Secret

April 26, 2018

Passcodes Kept on Sticky Notes, Recipe Cards and Slips of Paper

How many different passwords do you have for your smartphone, tablet or computer? Where do you keep the passcodes that you can’t remember?

Almost half of U.S. consumers use one to five passwords to access all of their online applications, a survey by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re, has found, indicating many people use the same password for different accounts.

As for how Americans store the passcodes they need to access a growing number of banking, retail, social media and business applications, it’s much more likely they will use a sticky note than a secured password management app, the study concludes.

“The survey also shows one out of three consumers was hacked in the past,” said Timothy Zeilman, vice president for HSB, a leading provider of cyber insurance and services. “That rate should be falling faster and part of the problem is carelessness with passwords and personal security.”

Think of all the online accounts and applications that require a user name and password.

Yet, the survey, conducted for HSB by Zogby Analytics, showed 44 percent of consumers use only one to five passwords and 23 percent use six to ten passwords. That suggests they probably reuse the same password for multiple accounts, a threat to security, Zeilman said.

Another 11 percent used 11 to 20 passwords; nine percent used 21 to 50 passwords and four percent used more than 50 passwords. One percent of respondents said they don’t use any password and others didn’t know or weren’t sure.

When asked how they store their passwords, only 16 percent said they used a password organizer app. Many people stored passwords as notes on their smartphones, in computer documents, notebooks and planners, on slips of paper, or saved in emails they send to themselves.

One respondent said she kept her passwords on recipe cards and a business owner said, “The ‘universal’ passwords that are used by everyone in my company are written down” for anyone to view.

Instead, passwords should be strong and stored in a secure or encrypted location. Better yet, use passphrases, choosing random common words that don’t occur together in everyday speech, Zeilman said.

The HSB consumer survey also found that 32 percent of consumers had experienced a cyber attack in the previous 12 months, down from 37 percent in a similar HSB survey released in 2016.

The most common type of damage (81 percent) was a computer virus or other type of unwanted software, up from 69 percent in the previous survey.

Zogby Analytics was commissioned by Hartford Steam Boiler to conduct an online survey of 1,551 adults in the United States. Based on a confidence interval of 95 percent, the margin for error was plus or minus 2.5 percentage points, meaning all other things being equal, the identical survey repeated will have results within the margin of error 95 times out of 100.

Source: Munich Re/The Hartford Steam Boiler Inspection and Insurance Company

Was this article valuable?

Here are more articles you may enjoy.