• CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • Products
  • TPRM by ThirdPartyTrust
  • Beacon by ThirdPartyTrust
  • Solutions
  • Risk Assessment Automation
  • Security Questionnaire Automation
  • Shadow IT Management
  • Zero Day Remediation
  • Integrations
  • Industries
    • Financial
    • Energy
    • Healthcare and Hospitals
    • Legal
    • Life Sciences
    • Manufacturing Industry
    • Retail
    • Technology
    • Other Industries
  • Pricing
  • Resources
  • Blog
  • Strategy Guides
  • Case Studies
  • Data Sheets
  • Webinars
  • Dictionary
  • API
  • Company
  • About us
  • Careers
  • Partners
  • Partners Login
  • Product Security
  • Privacy Policy

To Share or Not to Share? The State of Passwords

Published by Chris Gerben on February 7, 2022
Categories
  • Blog
  • Shadow IT
Tags
“Hey, can I borrow your Netflix password? There’s this show I just have to watch and I don’t have an account!” Sound familiar? Or maybe you’ve been asked, “What’s your phone password? I just want to see something.”
Chances are, you’ve had a conversation at some point about sharing your account passwords. Passwords are ubiquitous in ways they weren’t a generation ago, and sharing passwords seems to be becoming more common, too.
But regardless of whether we decide to share our passwords or not, the first trick is to remember what the password for any given account is. With autofill, password savers, and dozens of different credentials to remember each day, it’s no wonder resetting our passwords is so common.
We surveyed over 1,000 people to better understand the practices and mindset behind password creation, storage, and sharing. The results reveal as much about our personal choices as they do our attitudes toward cybersecurity.
 
ThirdPartyTrust – Passwords_Graphic 1
These days, you need a password for everything. And chances are, the password you’re creating needs to have numbers and letters, a special character, and include upper and lowercase letters. All those variations and accounts add up, so that on average, a person now has 20 different passwords to manage their daily online tasks.
It can be hard to remember and juggle all those different passwords. We found that 42% say they don’t know all of their current passwords by heart. And what happens when you can’t remember a password? You have to reset it. Not surprisingly, nearly 1 in 5 have to reset passwords due to forgetting what they were.
What do your passwords look like? While more people are using automatic passwords filled with non-linear numbers and letters, many people still combine common phrases, birthday, addresses, and names of family members to construct their most common passwords.
Which is why our survey respondents noted that they can be a little embarrassed by their password choices. More than 1 in 10 report being embarrassed by their passwords, while more than 3 in 10 are embarrassed by old account usernames. So you’re not alone in feeling just a bit ashamed by your SassyLassy112 handle on MySpace and AIM back in the day.
“What people may not consider is that all of our personal practices around cybersecurity ultimately form the behaviors we carry into our work practices, even more so now that we work remotely or from home,” says Anders Norremo, Founder and CEO of ThirdPartyTrust.
“So while we may be ‘embarrassed’ by our passwords or how often we share or forget them, these attitudes become serious when companies rely on employees to protect their data, and the data of all of the other companies they work with,” Norremo adds.
Internet users, after all, are often employees, and these employees often work for third party vendors working with much bigger companies (and their data.) It’s why credentials are so important to Norremo and ThirdPartyTrust, who help companies automate risk management processes and protect third party vendors and enterprise businesses from unmitigated exposure to risk.
With advances in technology come advances in security and passwords. You don’t even need to type in a code in your phone anymore when your face can be a password with functions like Apple’s Face ID. But that security system isn’t for everyone. In fact, only 36% prefer using their face over typing a code or password.
 
ThirdPartyTrust – Passwords_Graphic 2
There was a time not so long ago when you needed just a 5-letter word to be your password. Then you needed at least 8 letters, and then at least one upper-case letter and a unique character. It’s not just you: password requirements have gotten longer and more complicated, so it’s no surprise that 63% say they do just the bare minimum of requirements to make a password acceptable to a system. In fact, we prefer to be told when our efforts are good enough: 2 in 5 add that they prefer when there’s a status bar showing if the password is strong enough or too weak.
Sometimes a website can make it very easy to log in and will use your Facebook or Google account information, rather than having to make a new account and password. Half of the people we surveyed said they use their Google or Facebook accounts to log into third party sites, while the other half prefer to create a new account with an email address.
For some, the type of account they’re creating may impact how they create a password. Our survey showed that 58% say they use a strong password for sites such as health or financial institutions, while 42% might use the same password for Facebook as they do their bank account.
But most alarmingly, 3 in 10 have reported being hacked, and people say they’re most afraid of their financial accounts being hacked, followed by social media accounts.
With all the data leaks and concerns over hacking, it makes sense that people are cautious when it comes to browsers and storing their passwords. Almost half (45%) use the autofill function for online accounts to remember their passwords, while 22% store a written list. People also use password managers such as LastPass, Bitwarden, or 1Password.
 
ThirdPartyTrust – Passwords_Graphic 3
One thing is clear from our survey: passwords are seen in personal terms, not in impersonal (and important) cybersecurity terms. This means people see passwords (and their impact) only in terms of how it will affect them personally.
For example, although nearly everyone says that they’re comfortable sharing a streaming service password, only about 2 in 5 (38%) say they actually share those passwords. With whom are people sharing? The majority share with their significant other, their parents, or a close friend. And while the relationship may be over it’s not always final when it comes to streaming, a few people say they still share a password with an ex.
56% of respondents say Netflix’s recent threat of cracking down on shared passwords is “unfair.” Considering 65% admit to currently sharing a streaming account with someone, this isn’t a surprise. But if Netflix does kick them out, that doesn’t mean they’ll open their own accounts. 57% will not pay for their own account if password sharing was banned.

Partners tend to share everything, including passwords. Almost half (45%) say they know their significant other’s passwords, including their phone’s lock code. In addition to a phone’s code, partners are reportedly sharing passwords to banking, utility, work and email accounts.
Despite all this sharing, 69% say they don’t share social media account passwords with their partner. And for new lovers, there isn’t that same level of trust when it comes to passwords. When the beginning of the relationship is new, 63% of people say they’re more comfortable having sex than sharing a password.
Password protection is key, regardless of how you create, manage, or share your passwords. However, this survey sheds particular light on the need for users to view passwords more broadly, especially as their employers often interface with other companies’ data, making even seemingly personal choices a much larger issue worth exploring.
 

The state of passwords


Learn how to protect your supply chain from exposed credentials.
GET THE GUIDE
tablet-passwords-3

Methodology


In January 2022, we surveyed 1,107 Americans to get their feedback on passwords and password sharing. Respondents were 49% male and 48% female, with an age range of 18 to 80, with an average age of 36 years old.
Written by marketing@thirdpartytrust.com. For media inquiries, contact media@digitalthirdcoast.net.

Fair Use


When using this data and research, please attribute it by linking to this study and citing http://www.thirdpartytrust.com.
Chris Gerben
Chris Gerben
VP of Marketing
    • Phone
      |+1-617-245-0469
    • Address
      |
      111 Huntington Ave, Suite 2010, Boston, MA 02199
    • Sales
      |sales@bitsighttech.com
    • Contact Us
    Laika_SOC2_TypeI_PurpleIris        CSA_Trusted_Cloud_Provider

    ©2022 ThirdPartyTrust, LLC and its Affiliates. All Rights Reserved. | 111 Huntington Ave. Suite 2010 Boston, MA 02199
    • BLOG
    • PARTNERS LOGIN
    • CONTACT US
    • PRIVACY POLICY
    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
    Do not sell my personal information.
    Reject AllAccept
    Cookie Settings
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
    CookieDurationDescription
    cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
    cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
    cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
    cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
    cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
    viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
    Functional
    Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
    Performance
    Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
    Analytics
    Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
    Advertisement
    Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
    Others
    Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
    SAVE & ACCEPT