“Hey, can I borrow your Netflix password? There’s this show I just have to watch and I don’t have an account!” Sound familiar? Or maybe you’ve been asked, “What’s your phone password? I just want to see something.”
Chances are, you’ve had a conversation at some point about sharing your account passwords. Passwords are ubiquitous in ways they weren’t a generation ago, and sharing passwords seems to be becoming more common, too.
But regardless of whether we decide to share our passwords or not, the first trick is to remember what the password for any given account is. With autofill, password savers, and dozens of different credentials to remember each day, it’s no wonder resetting our passwords is so common.
We surveyed over 1,000 people to better understand the practices and mindset behind password creation, storage, and sharing. The results reveal as much about our personal choices as they do our attitudes toward cybersecurity.
Chances are, you’ve had a conversation at some point about sharing your account passwords. Passwords are ubiquitous in ways they weren’t a generation ago, and sharing passwords seems to be becoming more common, too.
But regardless of whether we decide to share our passwords or not, the first trick is to remember what the password for any given account is. With autofill, password savers, and dozens of different credentials to remember each day, it’s no wonder resetting our passwords is so common.
We surveyed over 1,000 people to better understand the practices and mindset behind password creation, storage, and sharing. The results reveal as much about our personal choices as they do our attitudes toward cybersecurity.
These days, you need a password for everything. And chances are, the password you’re creating needs to have numbers and letters, a special character, and include upper and lowercase letters. All those variations and accounts add up, so that on average, a person now has 20 different passwords to manage their daily online tasks.
It can be hard to remember and juggle all those different passwords. We found that 42% say they don’t know all of their current passwords by heart. And what happens when you can’t remember a password? You have to reset it. Not surprisingly, nearly 1 in 5 have to reset passwords due to forgetting what they were.
What do your passwords look like? While more people are using automatic passwords filled with non-linear numbers and letters, many people still combine common phrases, birthday, addresses, and names of family members to construct their most common passwords.
Which is why our survey respondents noted that they can be a little embarrassed by their password choices. More than 1 in 10 report being embarrassed by their passwords, while more than 3 in 10 are embarrassed by old account usernames. So you’re not alone in feeling just a bit ashamed by your SassyLassy112 handle on MySpace and AIM back in the day.
“What people may not consider is that all of our personal practices around cybersecurity ultimately form the behaviors we carry into our work practices, even more so now that we work remotely or from home,” says Anders Norremo, Founder and CEO of ThirdPartyTrust.
“So while we may be ‘embarrassed’ by our passwords or how often we share or forget them, these attitudes become serious when companies rely on employees to protect their data, and the data of all of the other companies they work with,” Norremo adds.
Internet users, after all, are often employees, and these employees often work for third party vendors working with much bigger companies (and their data.) It’s why credentials are so important to Norremo and ThirdPartyTrust, who help companies automate risk management processes and protect third party vendors and enterprise businesses from unmitigated exposure to risk.
With advances in technology come advances in security and passwords. You don’t even need to type in a code in your phone anymore when your face can be a password with functions like Apple’s Face ID. But that security system isn’t for everyone. In fact, only 36% prefer using their face over typing a code or password.
It can be hard to remember and juggle all those different passwords. We found that 42% say they don’t know all of their current passwords by heart. And what happens when you can’t remember a password? You have to reset it. Not surprisingly, nearly 1 in 5 have to reset passwords due to forgetting what they were.
What do your passwords look like? While more people are using automatic passwords filled with non-linear numbers and letters, many people still combine common phrases, birthday, addresses, and names of family members to construct their most common passwords.
Which is why our survey respondents noted that they can be a little embarrassed by their password choices. More than 1 in 10 report being embarrassed by their passwords, while more than 3 in 10 are embarrassed by old account usernames. So you’re not alone in feeling just a bit ashamed by your SassyLassy112 handle on MySpace and AIM back in the day.
“What people may not consider is that all of our personal practices around cybersecurity ultimately form the behaviors we carry into our work practices, even more so now that we work remotely or from home,” says Anders Norremo, Founder and CEO of ThirdPartyTrust.
“So while we may be ‘embarrassed’ by our passwords or how often we share or forget them, these attitudes become serious when companies rely on employees to protect their data, and the data of all of the other companies they work with,” Norremo adds.
Internet users, after all, are often employees, and these employees often work for third party vendors working with much bigger companies (and their data.) It’s why credentials are so important to Norremo and ThirdPartyTrust, who help companies automate risk management processes and protect third party vendors and enterprise businesses from unmitigated exposure to risk.
With advances in technology come advances in security and passwords. You don’t even need to type in a code in your phone anymore when your face can be a password with functions like Apple’s Face ID. But that security system isn’t for everyone. In fact, only 36% prefer using their face over typing a code or password.
There was a time not so long ago when you needed just a 5-letter word to be your password. Then you needed at least 8 letters, and then at least one upper-case letter and a unique character. It’s not just you: password requirements have gotten longer and more complicated, so it’s no surprise that 63% say they do just the bare minimum of requirements to make a password acceptable to a system. In fact, we prefer to be told when our efforts are good enough: 2 in 5 add that they prefer when there’s a status bar showing if the password is strong enough or too weak.
Sometimes a website can make it very easy to log in and will use your Facebook or Google account information, rather than having to make a new account and password. Half of the people we surveyed said they use their Google or Facebook accounts to log into third party sites, while the other half prefer to create a new account with an email address.
For some, the type of account they’re creating may impact how they create a password. Our survey showed that 58% say they use a strong password for sites such as health or financial institutions, while 42% might use the same password for Facebook as they do their bank account.
But most alarmingly, 3 in 10 have reported being hacked, and people say they’re most afraid of their financial accounts being hacked, followed by social media accounts.
With all the data leaks and concerns over hacking, it makes sense that people are cautious when it comes to browsers and storing their passwords. Almost half (45%) use the autofill function for online accounts to remember their passwords, while 22% store a written list. People also use password managers such as LastPass, Bitwarden, or 1Password.
Sometimes a website can make it very easy to log in and will use your Facebook or Google account information, rather than having to make a new account and password. Half of the people we surveyed said they use their Google or Facebook accounts to log into third party sites, while the other half prefer to create a new account with an email address.
For some, the type of account they’re creating may impact how they create a password. Our survey showed that 58% say they use a strong password for sites such as health or financial institutions, while 42% might use the same password for Facebook as they do their bank account.
But most alarmingly, 3 in 10 have reported being hacked, and people say they’re most afraid of their financial accounts being hacked, followed by social media accounts.
With all the data leaks and concerns over hacking, it makes sense that people are cautious when it comes to browsers and storing their passwords. Almost half (45%) use the autofill function for online accounts to remember their passwords, while 22% store a written list. People also use password managers such as LastPass, Bitwarden, or 1Password.
One thing is clear from our survey: passwords are seen in personal terms, not in impersonal (and important) cybersecurity terms. This means people see passwords (and their impact) only in terms of how it will affect them personally.
For example, although nearly everyone says that they’re comfortable sharing a streaming service password, only about 2 in 5 (38%) say they actually share those passwords. With whom are people sharing? The majority share with their significant other, their parents, or a close friend. And while the relationship may be over it’s not always final when it comes to streaming, a few people say they still share a password with an ex.
For example, although nearly everyone says that they’re comfortable sharing a streaming service password, only about 2 in 5 (38%) say they actually share those passwords. With whom are people sharing? The majority share with their significant other, their parents, or a close friend. And while the relationship may be over it’s not always final when it comes to streaming, a few people say they still share a password with an ex.
56% of respondents say Netflix’s recent threat of cracking down on shared passwords is “unfair.” Considering 65% admit to currently sharing a streaming account with someone, this isn’t a surprise. But if Netflix does kick them out, that doesn’t mean they’ll open their own accounts. 57% will not pay for their own account if password sharing was banned.
Partners tend to share everything, including passwords. Almost half (45%) say they know their significant other’s passwords, including their phone’s lock code. In addition to a phone’s code, partners are reportedly sharing passwords to banking, utility, work and email accounts.
Despite all this sharing, 69% say they don’t share social media account passwords with their partner. And for new lovers, there isn’t that same level of trust when it comes to passwords. When the beginning of the relationship is new, 63% of people say they’re more comfortable having sex than sharing a password.
Password protection is key, regardless of how you create, manage, or share your passwords. However, this survey sheds particular light on the need for users to view passwords more broadly, especially as their employers often interface with other companies’ data, making even seemingly personal choices a much larger issue worth exploring.
Methodology
In January 2022, we surveyed 1,107 Americans to get their feedback on passwords and password sharing. Respondents were 49% male and 48% female, with an age range of 18 to 80, with an average age of 36 years old.
Written by marketing@thirdpartytrust.com. For media inquiries, contact media@digitalthirdcoast.net.
Fair Use
When using this data and research, please attribute it by linking to this study and citing http://www.thirdpartytrust.com.
Chris Gerben
VP of Marketing