May 2 is World Password Day, a chance for security companies to plead with lazy, careless humans to improve their password habits. Software company Avira has released its Password Security Report, and it’s likely no coincidence that the company sells password managers. Regardless of possible motive, the report shows how passwords continue to plague human existence—and create opportunities for major data breaches. Here are the most alarming facts from the study:
1. Data breaches are happening more often: Four big data breaches have already occurred in 2019, and it’s only May.
2. Data breaches are getting worse: One of the worst, Mega, happened earlier this year and affected 2.7 billion email and password combinations.
3. The very worst data breach, the hacking of 3 billion Yahoo! accounts, happened in 2013 but didn’t come to light until 2016, meaning hackers had a three-year head start on exploiting the stolen data.
4. The more online accounts you have, the more vulnerable you are: Avira cited studies indicating that if you have just a handful of online accounts—6 to 10—you have a 9-percent chance of a data breach. That doesn’t sound too bad. However, if you have 100 or more online accounts, the probability jumps to 30 percent.
It’s not just the simple math of more accounts, more exposure. It’s because the more accounts you have, the more likely you are to reuse user names or passwords, one of the most common and worst habits that hackers will exploit if they can.
5. We can't seem to shake our bad password habits: According to an online survey Avira conducted with 2,519 respondents, many bad password habits persist. The biggest: Saving passwords in your browser (36 percent), closely followed by synchronizing as many devices as possible over the Internet (35 percent). More than 1 in 5 respondents (22 percent) admitted to using as few passwords as possible, while 17 percent used “stay logged in” options regularly. Finally, 9 percent of respondents still use very simple passwords, making it easier for hackers to break in.
What you can do to minimize risk
Should you buy a password manager? That’s certainly one way out of this mess (and we have a roundup of the best password managers to help you compare). Even if you resist this step, you should know the drill: Use long, complex passwords; don’t share user names or passwords across multiple sites; and use biometric or two-factor authentication whenever possible. If the worst happens, follow our guide to the 5 things everyone should do after a data breach to minimize the damage.