sb-au logo
Story image

Consumer password hygiene doesn't reflect cybersecurity threat in 2020

15 May 2020

As waves of new, more sophisticated cyber attacks become more prevalent in the wake of COVID-19 it’s becoming more apparent that risky password behaviour can lead to serious consequences.

It’s one of the basics of internet security hygiene, but according to a new report from Kaspersky, 83% of internet users think up their own passwords, while 54% say they are unaware about how to check if any of their credentials have already been leaked.

They’re still the most common form of authentication, but with the rising tide of cyber threats, passwords must also be strengthened in turn. While many may think their password is unique to them and next to impossible to guess, the reality is that if that if a hacker knows enough about a user, there’s a good chance they can guess their password.

According to Kaspersky’s report, 55% of users claim they remember all of their passwords - which can be difficult if security requirements such as password complexity and uniqueness are to be satisfied. 

Almost one in five (19%) keep them written in a file or document stored on their computer, while 18% use the browsers on their computers, smartphones, or tablets to store their passwords.

But of course, if any of these modes storage are compromised, potentially all of a user’s personal data stored in their password-protected accounts could be up for grabs.

“Consumers can monitor the spread of personal data, including which passwords might have been leaked,” says Kaspersky head of consumer product marketing Marina Titova.

“And this is not only for the sake of ‘just being aware’; it also allows individuals to take the right action to minimise any invasion of privacy – along with any wider consequences. 

“That’s why we at Kaspersky put a big focus on protecting consumer’s privacy.”

One way of bolstering password protection is knowing whether a password is at risk of breach.

For example, users can use services such as Have I Been Pwned?, where they can check if their passwords have been included in public leaks or data breaches without visiting the sketchier parts of the web.

To ensure the safety of personal data, Kaspersky recommends users:
  • Minimise the number of people who know your login information, and never leave passwords where others might find them – be it on paper or on a device. 
     
  • Find out if any passwords used to access online accounts have been compromised. The Account Check feature within Kaspersky Security Cloud allows users to check their accounts for potential data leaks. 
     
  • If one is detected, the solution provides information about the categories of data that may be publicly accessible so that the individual affected can take the appropriate action.