LastPass has released a new report that suggests that people are not taking the proper steps to protect their digital accounts. That remains true even though most people are spending more time online during the COVID-19 pandemic.
The findings come courtesy of the company’s fourth annual Psychology of Passwords report, which showed that people’s behaviors have not changed despite the massive cultural and technological upheaval of the past year. Seventy-one percent of the respondents indicated that they work at least partially remotely, while 70 percent have upped their usage of online entertainment services. The vast majority (90 percent) now have as many as 50 online accounts, and a similar number (91 percent) opened at least one of those accounts in the last 12 months.
Unfortunately, those same people are not doing a good job of protecting those accounts. A full 65 percent are still reusing the same password across multiple applications, and the increased security threat associated with a remote work environment did not prompt people to change their security habits. Nearly half (47 percent) did not do anything different while working remotely, while 44 percent shared passwords for professional accounts.
The LastPass report also suggests that awareness alone is not enough to fix the problem, insofar as most people (92 percent) know that reusing passwords is a risk, and 68 percent would create stronger passwords for bank accounts and other highly sensitive holdings.
That rigor just doesn’t translate to low-priority applications, a category that includes workplace applications for many individuals. That raises obvious security concerns for businesses, especially since 85 percent of data breaches can now be attributed to passwords that are compromised through phishing, human error, or some other means. In that regard, many people still pick passwords that are relatively easy to guess, because they are based on birthdays, addresses, or other personal details that may be publicly available to fraudsters.
“As we continue to grow our online presence, we need more robust protection for our online information,” said LastPass Product Management VP Dan DeMichele. “As a business or IT lead, adding an additional layer of security, including multi-factor authentication or single sign-on options, will help to ensure that your employees are the only ones accessing their information.”
The broader trend highlighted in the report – that people exhibit bad password behavior even when they know the risks – echoes the findings of LastPass’ previous Psychology of Passwords report. The company has since reported that most employees expect their organization to transition to passwordless security methods at some point in the future.