Password Reuse Remains a Barrier to Safer Internet Use

In support of Safer Internet Day, Google conducted research to gain insight into behavior that might be putting users at risk, with password issues being a primary concern.

Google Safer Internet Day Research

The internet by default is not always safe, which is why Safer Internet Day on Feb. 5 exists—it’s a day to educate and remind users about the steps that should be taken to reduce cyber-security risks.

But what are the unsafe things that users are doing online? Google conducted a study along with a Harris Poll of 3,000 Americans over the age of 16 to try to gauge the current state of safe, or in many cases unsafe, internet usage. Among the key findings in the study is that there is a clear gap between user perception and reality for cyber-security. Sixty-nine percent of respondents rated themselves highly for how they protect their accounts, even though the responses to other questions in the poll would seem to indicate otherwise.

"I found it sad, though not terribly surprising, that two in three people [65 percent] reuse the same password for multiple accounts," Emily Schechter, product manager of Chrome security at Google, told eWEEK. "Using unique passwords is important for good password management, and tools like password managers can help you easily generate and store strong unique passwords."

The use of the same password for multiple accounts puts users at elevated risk from data breaches. Attackers are increasingly making use of credential stuffing attacks, where passwords stolen from one site are "stuffed" and attackers attempt to reuse them on other sites to gain access.

Improper practices surrounding passwords is a key theme in Google's Safer Internet Day research. Less than a quarter (23 percent) of respondents indicated that they believe having long passwords is a good best practice for cyber-security. Remembering passwords was a pain point identified by 60 percent of respondents, yet only 24 percent noted that they make use of a password manager application.

Generational Differences

The study also found variances in how different age groups make use of safer internet practices.

"There wasn’t a clear winner in regard to which generation understands and practices strong security behaviors, but there were some interesting trends around generational differences," Schechter said.

She noted that Gen Z (16-24-year-olds) is more likely to use two-factor authentication (2FA) and more regularly update their desktop, mobile and web applications. But Baby Boomers (50+-year-olds) are more likely to use a unique password for each of their accounts (40 percent vs. 35 percent overall).

Safer Internet Day Security Tips 

There are several key security tips that Google has for users to help reduce risk and create a safer internet experience.

  • Keep software updated. Security vulnerabilities are patched regularly in applications, and attackers often look for unpatched victims to exploit.
  • Use unique passwords. Reusing the same password on multiple sites might seem convenient for users, but it also makes it easier for an attacker as well.
  • Make Use of two-factor authentication. With 2FA, even if a user's password is stolen, a second password (or "factor") is needed to gain access.
  • Set up a recovery phone number or email address and keep it updated. Having proper recovery information helps users get back into accounts if access is lost.

"While tips like keeping software updated or using unique passwords may not seem super exciting, they can go a long way toward improving your security posture," Schechter said.

Schechter is also hopeful that in the year ahead more builders of software bake in security, so that more products are easy to use securely. 

"You shouldn't have to be a security expert to use the web safely, which is why Chrome focuses on user-friendly security, with features like auto-updates and a password manager, so that everyone can use the web safely by default," she said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.