According to one global study, everyone else reuses one crackable password for multiple online services.
Why does the world need a World Password Day (6 May) to remind people not to take shortcuts in protecting their personal data and assets?
Identity management experts at Auth0 asked more than 1,200 business leaders and 8,000 consumers around the world about their expectations for online login and sign-up experiences, ending up with a rather clear signal as far as surveys go: Almost nine in 10 respondents reused passwords.
Among the respondents in the Asia Pacific region, when using a new website or online service, the main frustrations were creating a password that meets certain requirements (53%), entering private information such as a passport number, tax file number, medical card number, etc., (52%); and having to fill in long login or sign-up forms (50%). Is that why this frustration led to 89% of Asia Pacific consumers reusing passwords for more than one account, and 51% admitting to doing so frequently?
What needs to improve?
Across the world, password reuse was still alive and well, with 88% admitting to the practice.
Compared to our region, only 44% of consumers surveyed in Europe found creating a compliant frustrating, and only 42% were frustrated by having to enter private information.
According to Richard Marr, General Manager (APAC), Auth0: “Consumers are frustrated with the standard password and username method of authentication. As humans, we aren’t suited to remembering long, complex alphanumeric combinations, and need easier, faster and more secure forms of authentication, and it’s partly because of this that we’re seeing a rise in successful cybercrime. It’s time we consider the role of businesses in promoting a safer internet by offering more secure and convenient alternatives to passwords.”
For businesses
- Marr said this is an opportunity for organizations to listen to customers and make changes to the login process. Technologies exist to stop users from getting frustrated, while protecting them against fraud.
- Passwordless and biometric security are already mainstays of multifactor authentication, and adaptive technologies are already on the market that can offer that security without the friction.
- We need to see technology adapt to humans, not the other way around. Passwords will inevitably make way for alternatives that are driven by the adoption of the WebAuthn standard, but businesses need to prepare for that transition now.”
For consumers
- Marr said that good password hygiene message simply has not yet sunk in deeper than the frustrations we feel. This means our personal data—often scattered across multiple platforms and accounts—could be at risk. “Everyone should take stock of our apps and online accounts, and carve out a bit of time today to download a password manager across our devices and develop strong, unique passwords.”
According to a German cyber psychologist, many online users are now well aware that there are security problems with using the same username and password combination to register for multiple services. Yet they try to suppress that psychologically in the brain.
The more extensive a registration process appears, the less inclined we are to go through with it. Convenience and simplicity play a major role here, which means we need to rethink password security in a way that does not compromise the customer experience.