Security Awareness Training Doesn’t Seem to Enhance Password Hygiene

Security awareness training is an important component of any security strategy; nevertheless, one area where it is having minimal impact is password hygiene. Workers can be trained to know what a strong password is and how to create one, but even when the theory is known it isn’t being practiced. Workers may know the value of good cyber hygiene with regard to passwords, but creating a strong, unique password for each account is hard, and remembering those passwords is almost impossible.

Every year, LastPass conducts its Psychology of Passwords survey. This year, there were 3,750 professional respondents, who were asked how they create passwords for their personal and work accounts. The survey showed a high degree of confidence in current password management practices; however, in many instances there was a false sense of security because good password hygiene wasn’t always followed.

The greatest disconnect concerns Gen Z, which had the highest level of confidence in its password management practices but the lowest scores for password hygiene. Gen Z participants were the most likely to identify password problems, such as using the same passwords on several accounts, yet this age group used the same passwords 69% of the time. Overall, 62% of survey participants admitted to nearly always or mostly using similar passwords or variations of them for their accounts.

The survey revealed that 65% of the participants had received some kind of cybersecurity awareness training and 79% stated their education was good. Overall, 89% of participants stated they are aware that using the same password or variations of it is a security risk, yet only 12% stated they use a unique password for every account. When asked about changes to their password practices after receiving security awareness training, only 31% of participants stated they changed their password habits and stopped using the same password for several accounts, and only 25% of participants began using a password manager.

The majority of respondents took a risk-based approach when creating passwords: 69% said they use stronger passwords for financial accounts and 52% said they use more complex passwords for their email accounts. For other accounts, convenience is preferred over security. 35% used stronger passwords for their health data, 32% for social media accounts, 18% for business or online shopping accounts, and 14% for streaming service accounts such as Netflix. 13% of participants stated they create passwords in the same way, no matter what account the password is for. Just 33% of respondents said they use stronger passwords for their accounts at work.

One way that employers could improve password security is to give their staff a password manager. A password manager will suggest strong, unique, randomly generated passwords, store them securely in an encrypted vault, and autofill forms when required, so there’s no need to remember passwords. To encourage employees to use a password manager, employers can give employees an account to be used both at work and for personal purposes, and emphasize its advantages during security awareness training sessions. The Bitwarden Password Decisions survey released last October showed that 71% of respondents are likely to use a password manager when it is provided by the company for personal use. Only 5% said they will probably not use it.

This latest research shows that even though approximately 66% of respondents have had some cybersecurity education, it’s not being put into practice, for a variety of reasons. If both individuals and businesses used a password manager, accounts could be kept safe and secure.