Weak passwords can make it easy for hackers to gain access to your computer, files, and network server. Although password security is highly important for both personal and work accounts, not all users follow password authentication guidelines. Businesses may also not be using password management systems, which make it simple to manage online passwords and, most importantly, protect against cyberattacks.
GetApp surveyed over 1,000 people aged 18 and above in Australia to understand how they manage, update, and save passwords that they use across multiple accounts. We’ll explore how Aussies currently handle password security so employers can ensure that their staff adheres to effective cybersecurity measures.
*Full survey methodology can be found at the bottom of this article.
66% of GetApp’s survey respondents use the same password across multiple accounts
In a work setting, failure to follow password best practices can pose a major threat to a company’s cybersecurity. At a time when many employees are working from home due to the COVID-19 pandemic, cybercriminals have more of an opportunity to strike. This may be the result of teleworkers not following guidelines on how to select and maintain strong passwords for a secure work environment.
Worryingly, 66% of Australians surveyed by GetApp said they use the same passwords for multiple accounts. Whilst it might be convenient and easy to remember, reusing the same password is a bad idea when it comes to online cybersecurity.
According to the Australian Cyber Security Centre (ACSC), weak passwords (such as a simple word with a number added like “airplane123”) are also easy for a cybercriminal to guess. This is thanks to the automated software that hackers use. Using software tools, hackers can generate an overview of internet-connected devices, such as web servers, security cameras, and webcams.
Automated tools can pick out the most valuable information in databases, such as email addresses, passwords, and payment card details, which cybercriminals then sell for profit. Hackers can also automate breaking into accounts using a password cracking tool, which does all of the work for them. The ACSC explains that if your password or PIN is stolen or guessed, a hacker can potentially:
- Send emails from your account
- Withdraw money from your bank account
- Change files on your computer, such as invoices
- Steal your identity
When asked about the reason behind changing passwords, 40% of Aussies surveyed by GetApp say they update their password when they receive a reminder. Only 32% of respondents change their passwords voluntarily on a regular basis, whereas 27% wait until they are forced to. 1% of survey respondents say they update their password only when they have forgotten it.
Regularly changing your password can stop someone from having frequent access to your data. The Australian Securities and Investments Commission (ASIC) recommends that you update your password between one and four times a year in order to protect your online accounts.
Respondents use a mixture of different techniques to remember passwords
There are many ways —both good and bad— to save passwords. Whilst it might be difficult enough to choose and remember one strong password, it is important that employees use more than one password for different accounts.
40% of Aussies surveyed by GetApp revealed they use a phrase or pattern that they can easily remember when creating a new password. This works best if users adhere to the password security guidelines (as seen below) and choose a passphrase that is difficult to guess. Similarly, 32% of survey respondents use personal information, such as a pet name or an address, as a way to remember their password. Using a simple or obvious word can make a password easy for hackers to crack.
Shockingly, the online publication CyberNews shares that one of the most common passwords used globally to date in 2021 is still “password” or the classic number combination “123456”. A 2018 security audit from the Western Australian government reviewed 234,000 government agency accounts and identified 60,000 users that were using extremely weak passwords. The most commonly used weak password was “Password123” —used by 1,464 government workers.
23% of survey respondents said they write their passwords down on paper, which might be okay depending on where they store them. It is not uncommon for staff to keep passwords written on a Post-It note on their computer monitor. This, of course, makes for poor password management.
Only 14% of survey respondents use a password manager app, which is a more reliable way to store passwords. With most password management software, one master password is required so that users can access all of their passwords, which are stored in a vault and often monitored to check their security. This can be especially useful if you are a forgetful person as you only need to remember one password instead of multiple.
5% of Aussies surveyed selected “other” as a method to remember their passwords. When asked to elaborate, most respondents say they rely on their memory. In theory, this might be a good idea, as a hacker cannot read your mind; in reality, however, it may prove otherwise. If adhering to recommended password guidelines (e.g. using a long password with a mixture of random letters and numbers, or different passwords for numerous accounts), it might be tricky to recall them all!
The benefits of password managers
Adopting tools such as password management software can improve password management amongst staff and, most importantly, prevent cyberattacks. Password managers are an easy way to safeguard information and also protect someone from inadvertently giving away private details. Some of the benefits of password management tools include:
- Users only need to remember one master password
- The apps can generate random passwords
- They provide an easy way to log in to accounts
- Users can easily change or reset passwords
- The tools often offer a convenient autofill feature
- Users can share passwords safely via encryption
Over 80% of Aussies use two-factor authentication for both work and personal accounts
Multi-factor authentication (MFA) is another tool that gives an added level of security to protect against phishing and to stop hackers from exploiting weak or stolen credentials. Using MFA means that a password alone is not enough to authenticate a login attempt. It meets regulatory compliance and is an easy and effective solution for cybersecurity.
Multi-factor authentication is a method that requires a user to provide two or more pieces of evidence that verify their identity in order to access a digital account. Usually, this involves using something that you have (a bank card), something you know (the PIN on your bank card or email password), or something that you are (biometrics, such as a fingerprint).
A total of 84% of Australians surveyed by GetApp use two-factor authentication (2FA) for work applications. 54% in this group say they use it “whenever it is available” and 30% say they “sometimes” use it. Similarly, when asked about 2FA for personal use, with financial or social media accounts, a combined total of 89% of Aussies say they use it “whenever it is available” (51%) or “sometimes” (38%).
We asked survey participants which multi-factor authentication methods they use when accessing their online accounts. 86% of respondents use a code that is sent to their mobile phone as an added safety measure. A further 86% of respondents said they answer a security question, and 85% enter a code that is sent to their email address. Only 14% of respondents use biometric authentication, such as a fingerprint scan or facial recognition, as a method of MFA.
Password security guidelines
Adhering to the following security guidelines can help keep your data safe from hackers. In this section, we share tips on how to best handle password management.
1. Don’t reuse or recycle passwords: it may be convenient to use the same password across multiple websites and accounts, but password reuse only makes it easier for hackers to get their hands on your private information. If you use the same password from one site to the next, a breach on one site will mean that all of your accounts are compromised.
2. Don’t write passwords down: writing your password on paper and storing it somewhere safely under lock and key at home is okay. However, it is not advisable in an office environment, especially if left on your desktop or computer monitor. It is also advised not to write all of your passwords in the same notebook.
3. Don’t share passwords: giving anyone else access to your login credentials means that your account is no longer secure. Even if you trust the person with whom you share your password, they might not keep it in a secure location or their own device may not be safe.
4. Avoid using passwords known to be stolen: there are some passwords that are still commonly used even though they have been discovered in data breaches. Examples include ‘passw0rd’ and ‘qwerty’. Knowing this, creating a unique password that combines upper- and lower-case letters with numbers is the safer option. Some websites allow you to check whether your password has been compromised before.
5. Use a password manager: this is the best way to protect your credentials because a password manager stores a master password and all of your other passwords in one secured location with an encrypted key. Most password manager apps can create and remember complicated passwords that will protect all of your online accounts. These generated passwords are unique and difficult to crack.
6. Use passphrases as a password: a passphrase is a sentence rather than a collection of numbers or a random word. A good passphrase should be difficult to guess and usually consists of an easy-to-remember phrase. For example, “I love chocolate” could be used as “i<3ch0c0L8mmm”.
7. Use two-factor authentication (2FA): this is a type of multi-factor authentication and adds an extra layer of security for accessing an account. First, you will be required to enter your username and password, and then provide an extra piece of information, such as a PIN, the answer to a secret question, or a code, to access your account.
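Guideline 4 mentions sites that check whether a password has appeared in a breach. The sketch below, an added example that is not from GetApp or the ACSC, shows the hash-prefix (k-anonymity) lookup that such checkers commonly use, so the password itself never leaves the device. The `BREACHED` corpus, its counts and the local `range_query` stand-in for the remote service are constructed for illustration.

```python
import hashlib

# Constructed breach corpus (password -> times seen). The passwords are the
# weak examples quoted in this article; the counts are made up.
BREACHED = {"password": 5000, "123456": 9000, "Password123": 1200,
            "passw0rd": 800, "qwerty": 3000}


def sha1_hex(password):
    # SHA-1 is used here only as a lookup key, not as password storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_query(prefix):
    """Simulated checker service (assumption: stands in for a remote API).

    It sees only a 5-character hash prefix and returns one 'SUFFIX:COUNT'
    line for every corpus entry whose hash starts with that prefix.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    lines = []
    for pw, count in BREACHED.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    return "\n".join(lines)


def breach_count(password, query=range_query):
    """Client side: hash locally, send only the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # not present in the breach data the service knows about


if __name__ == "__main__":
    for pw in ("Password123", "qwerty", "i<3ch0c0L8mmm"):
        n = breach_count(pw)
        print(f"{pw!r}: {'reject, seen %d times' % n if n else 'not in breach data'}")
```

A result of 0 only means the password is absent from that data set; it still has to be unique to the account, as guideline 1 requires.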
It is highly recommended to explore using a password manager and multi-factor authentication as added layers of protection against cyberattacks. Whilst there are different varieties of password security software out there, here are some free password manager tools to help get you started.
Data for the GetApp Biometric Technology and Password Management Australia Survey 2021 was collected in June 2021. The sample comes from an online survey of 1,005 respondents who live in Australia. The respondents were of the age groups 18 to 25 years, 26 to 34 years, 35 to 49 years, 50 to 64 years, and 65 years and above.