Only one in three people change their passwords after being informed of a data breach, according to a new study
The study, conducted by researchers from Carnegie Mellon University's Security and Privacy Institute and Indiana University Bloomington, examined the security habits and browser traffic of 249 participants from January 2017 to December 2018
Of the 249 participants in the study, only 63 had more than one account in one of the nine domains with data breaches that the researchers examined
This included the massive Yahoo data breach announced in December 2016 (not included in the study), February 2017, and October 2017 Overall, 3 billion account usernames and passwords--probably representing all Yahoo accounts--were compromised
Only 21 of the potentially affected participants changed their passwords after the announcement of the breach
Most of these users had Yahoo accounts, and 31 of them did not change their passwords after the identity theft threat
According to the study, "Two participants changed their Yahoo passwords twice; two participants changed their passwords for the compromised domains within one month of the announcement of the breach, a total of five within two months, and eight within three months
The survey also examined the quality of the new passwords and found that of the 21 who changed their passwords, only 9 chose stronger passwords On the other hand, 12 created weaker or equally strong passwords
With regard to password strength, the study claims: "On average, participants created new passwords that were 13 times stronger than their old passwords after converting the strength on a log10 scale
This study is perhaps most surprising given that it is not difficult to create ultra-secure passwords
Mixing special characters, numbers, and upper and lower case letters is a good start Avoiding words and phrases that are easily cracked is also strongly recommended
Of course, then there is the problem of remembering them all We all have passwords for everything online these days, including multiple bank accounts, online shopping, social media, etc
That's where having one of the best password management tools comes in handy With the click of a button, you can create, store, and access numerous secure passwords
Comments