Many Internet users do not change their password, even after a hack
Nearly two-thirds of website users do not change their password when it announces that it has been hacked. This is according to a recent study conducted by researchers at Cylab, the Security and Privacy Institute at Carnegie Mellon University.
Few Internet users react after a hack
Among them, 63 were users of one or more websites who announced that they had been victims of data breaches. But only 21 of them (33%) changed their password accordingly on the sites in question. 6 only did so more than 3 months after the hack was announced.
31 of 49 Yahoo! users haven’t even changed their login credentials on this site. However, Oath (the parent company of Yahoo!) indicated in October 2017 that all of its users had been affected by a data theft committed in August 2013.
researchers also found that only 9 out of 21 people strengthened the protection of their account by creating a stronger password than the previous one. The others entered a new password of equal or even lower strength. Some people reused strings of characters that were already present in their old password. Others copied a password already used on another site.
Passwords that are too vulnerable
According to the researchers, these behaviors show that users are not sufficiently aware of the need to choose unique and good passwords. They point the finger at companies that are victims of hacks, which they accuse of “never inviting people to change passwords that are identical or close to those they have set on other accounts”.
These results are based on a relatively small sample of subjects. But they’re probably pretty realistic, because they’re based on real traffic. Indeed, researchers usually use surveys, which opens the door to inaccurate statements.
Our 3 password recommendations
Given the large number of sites we have to log into on a daily basis, it can be tempting to simplify our lives by using the same password each time. But your business probably can’t afford to ignore the risks associated with this practice.
Complex passwords
Some hackers practice what are called “brute force attacks”. Using software, they test the different possible combinations of numbers and letters one by one in order to find the password of a given user.
This is why you must require the creation of fairly long passwords (at least 8 characters), combining numbers, letters and special characters. The more complex they are, the less “crackable” they are by this software.
Also make sure that the passwords created are meaningless. Indeed, some hacking software tests all the words in the dictionary. Likewise, you should avoid dates of birth, children’s first names, and other “family” data that a clever hacker could easily obtain.
Use a password manager
Password managers are applications designed to generate and store all your login credentials. Every time you log in to a site, the manager automatically fills them in for you.
If this is a first registration, it will offer you a password, based on your specifications (total length, presence of special characters, numbers or capital letters, etc.).
In the end, you will only have one password to remember: that of the application itself, which allows you to open your “safe” connection identifiers.
These password managers are also offered in a mobile version. You can therefore surf indifferently on your desktop computer or your smartphone with the same identifiers.
Renew your passwords periodically
Finally, it is important to regularly change your passwords, especially on the most sensitive sites. Think about e-commerce sites that contain your banking data… A hacker with your credentials could very easily make purchases there.
Also Read: What Is A Banking Trojan, And How Do You Protect Yourself?
