But has that inspired Americans to improve their digital security habits? Our research shows that while there are some behavioral improvements over last year\u2019s results, there are still weak spots in the country\u2019s cybersecurity practices.<\/p>\n
The Good News:<\/strong><\/p>\n Read on for a revealing analysis of Americans\u2019 password habits, as well as a guide to the best practices to keep you safe and secure online.<\/p>\n Gone are the days where hackers had to guess passwords themselves. Now, they can use software to crack seemingly uncrackable passwords. These pieces of software crunch through whole dictionaries in seconds to try to guess commonly used words as passwords. Some are sophisticated enough to use a person\u2019s personal information like birthday, spouse\u2019s name, kids\u2019 birthdays, etc. That is why we recommend using a random password generator that can create randomized passwords. More on that later.<\/p>\n Unfortunately, we found that a majority of Americans violate the first password commandment by using the same login for more than one account \u2013 a practice that can seriously compromise your online security. If one account is hacked, all the other accounts that use the same password can potentially be hacked. It\u2019s like having one key for all doors in your house; it may be convenient, but it makes things just as convenient for thieves when they get access to that key.<\/p>\n On the plus side, many people appear to have learned the dangers of shorter passwords, leading a large majority (84 percent) to use at least eight-character codes when logging in:<\/p>\n Of course, it\u2019s not just the number of characters but how they\u2019re chosen that counts most when it comes to security. Placing new punctuation into old passwords doesn't fool an algorithm. Arranging words randomly doesn't fluster a dictionary database. Combining your pet's name and your birthday isn't cryptic when that info is available on Facebook.<\/p>\n The most impenetrable passwords are constructed with randomly selected characters, but we found that many people still conjured up their codes using repetition and familiar words:<\/p>\n Recycled passwords are the easiest to hack, even when they\u2019ve been slightly changed \u2013 which is how our respondents come up with most of their codes. 57 percent admitted to merely tweaking old passwords and substituting characters (like typing \u201c@\u201d for \u201ca\u201d or \u201c1\u201d for \u201ci\u201d) when updating their login information.<\/p>\n Slightly more secure were the 79 percent of users who generated their own passwords by creating new combinations of words and numbers. While methods varied (19 percent used full sentences, 17 percent selected randomly from the dictionary, and 13 percent claimed to roll word dice), they all shared the same flaw: real words are recognizable strings that can be more easily cracked.<\/p>\n This is especially true when chosen words and numbers aren't as random as we think. Examining respondents\u2019 sources for passwords, we found several predictable elements:<\/p>\n More than half of people admitted that they use familiar names in their passwords, such as their own name or their children\u2019s or pet\u2019s names. In fact, 15 percent used their own first name in their passwords! Using meaningful names and numbers makes work easier for hackers who may already possess personal data<\/a>, while sequential keystrokes and \u201ctricky\u201d characters offer little protection from code-breaking programs.<\/p>\n Another 42 percent admitted to using curse words in their passwords, up from just 20 percent of people in our 2020 study. Although these words are probably very memorable for some people, they are vulnerable since they are so commonly used in passwords. Also, think twice before using profanities in your workplace logins since your employer may be able to see them.<\/p>\n Using important names and meaningful numbers might seem like an easy way to help you remember passwords, but they are also very easy for hackers to guess and crack.<\/p>\n Random Password Generators<\/strong><\/p>\n By far, the safest way to compose strong, unique logins is to use a password generator tool. These programs follow recommended standards, don't use data tied to the user, don\u2019t rely on real words, and never recycle suggestions. With no patterns, random passwords are hard to guess even with sophisticated password-cracking software.<\/p>\n Our study shows that 27 percent now use password generators, up from 15 percent the previous year. That corresponds with the increase of the use of password vaults, since most password management tools include a random password generator. Web browsers (like Chrome) and operating systems now offer that feature, too.<\/p>\n Outside those, there are other options if you want a free password generator. Even Security.org has a free Random Password Generator tool<\/a>. Ours can generate passwords from six to 32 characters long and can include uppercase and lowercase letters, numbers, and special symbols.<\/p>\n At a minimum, a secure, randomly generated password must have:<\/p>\n Password Protection Tips<\/strong><\/p>\n Creating strong passwords<\/a> is only half the battle, as it\u2019s equally important to keep your logins private and secure.<\/p>\n It was encouraging to learn that many in our research have used two-factor authentication on at least one device or account:<\/p>\n This number may be inflated by counting smartphones that authenticate via fingerprint or face scan by default. Hopefully, a similar proportion of people activate 2FA on all important accounts, which is like adding a deadbolt to back up their keys.<\/p>\n More disheartening was discovering that over a third of Americans continue to share their personal passwords. Unfortunately, this number had jumped significantly since last year.<\/p>\n Part of the rise may be due to increased sharing of streaming service logins during pandemic lockdowns, but even this practice is a security risk that needs to be taken seriously.<\/p>\n Comparing year-over-year results did reveal that password storage methods are gradually improving. While the number of adults relying on memory stayed steady, more users turned to secure digital methods and fewer committed codes to paper or hard drives.<\/p>\n Most of these methods are imperfect. Those memorizing logins tend to reuse simple passwords, while notebooks and Post-Its are inefficient and easily pilfered. Local digital files are better, but remain unencrypted and insecure. Password managers are the best solution for storing complex codes (though browser versions should never be used on shared devices).<\/p>\n As greater portions of our personal, professional, and financial lives transpire online, securing data becomes ever more important. The first line of defense for your digital accounts is password protection, so don\u2019t let bad habits make you more vulnerable.<\/p>\n It\u2019s easy to think that hacking won\u2019t happen to you, but 38 percent of those in our study have experienced at least one broken password, and most of those victims had employed bad practices.<\/p>\n It\u2019s little wonder that only 49 percent of Americans strongly believe that their passwords are safe. You may never be able to halt hacking<\/a> or control all corporate data breaches<\/a>, but good password habits can keep your information far safer. By following best practices, using password managers<\/a>, and vigilantly guarding your identity against theft<\/a>, you can feel more confident about personal digital security.<\/p>\n The gold standards of password protocols are set by the National Institute of Standards and Technology\u2019s (NIST). Its annual recommendations regularly evolve to keep pace with hacking and countermeasure techniques, but consistently feature these main principles:<\/p>\n Given all of these safety guidelines, you may be wondering whether your current passwords are strong enough. Plug them into our free Password Strength Tool<\/a> to find out.<\/p>\n\n
The Bad News:<\/strong><\/h3>\n
\n
Password Creation Habits<\/strong><\/h2>\n
![\"Do](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_1.png\" "\\"Do")
<\/p>\n![\"Characters](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_2.png\" "\\"Characters")
<\/p>\n![\"Ways](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_3.png\" "\\"Ways")
<\/p>\n![\"Password](\"\/app\/uploads\/2021\/09\/Asset.png\" "\\"Password")
<\/p>\n![\"Percentage](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_5.png\" "\\"Percentage")
<\/p>\n\n
![\"Do](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_6.png\" "\\"Do")
<\/p>\n![\"Percentage](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_7.png\" "\\"Percentage")
<\/p>\n![\"Primary](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_8.png\" "\\"Primary")
<\/p>\nThe Bottom Line<\/strong><\/h2>\n
![\"38%](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/callout.png\" "\\"38%")
<\/p>\n![\"Common](\"https:\/\/www.security.org\/app\/uploads\/2021\/09\/Asset_9.png\" "\\"Common")
<\/p>\nBest Practices for Your Passwords<\/strong><\/h2>\n
\n
Our Data<\/strong><\/h2>\n