SecureAuth Survey: Majority of Americans Reuse Passwords and Millennials Are the Biggest Culprits

IRVINE, Calif., July 19, 2017 -- SecureAuth Corp., the leader in adaptive access control, today announced results of a survey that reveal Americans’ online security anxiety is real, but their password practices remain sloppy. The report says Americans are much more likely to be concerned with their online personal information being stolen (69 percent) than their wallet being stolen (31 percent).

The survey, conducted in conjunction with Wakefield Research, also found that Americans are breaking some of the most basic rules of online security. Despite the commonly known rule to vary account passwords, 81 percent of people surveyed use the same password for more than one account, and this increases among millennials where 92 percent say they use the same password across multiple accounts. Shockingly, more than a third (36 percent) report they use the same password for 25 percent or more of their online accounts.

Poor Password Hygiene Leads to Online Attacks
The survey revealed most Americans (91 percent) who have had an online account breach have felt the severe repercussions. These include:

• Spam messages sent from an account – 42 percent
• Account lockout – 38 percent
• Money stolen through a withdrawal or unauthorized purchase – 28 percent
• Personal information, such as a social security number or date of birth, stolen – 19 percent
• Sensitive personal files, such as photos or tax records, made public – 19 percent

“It comes as no surprise that there is a direct result of users’ poor password habits and users experiencing the consequences of a breach,” said Jeff Kukowski, CEO of SecureAuth. “We know attackers are having great success with breaches involving the misuse of stolen or weak credentials. These survey results solidify what experts in identity security know to be true: Organizations need to strengthen their security posture but also provide a seamless customer experience. It is important the security solutions employed strike the right balance. Since many consumers are not taking security into their own hands, it’s important for organizations to protect customer data, giving customers confidence that their data is being taken care of while still providing an ease of use to their service.”

Consumer Access Security Intent vs. Consumer Access Security Reality
Although consumers consistently make themselves vulnerable by reusing the same password, a majority (86 percent) say they would use two-factor authentication (2FA) if an online account made the option available. However, there could be a vast difference between what users say they would do with good intent, and what users would actually do. Two-factor authentication is well known to cause user disruptions to routines with continued authentication demands. And the security implements aren’t any better. In fact, high-profile breaches that continue to create headline news – such as the Yahoo, LinkedIn and OneLogin breaches – have shown that many 2FA and basic multi-factor authentication methods, such as knowledge-based questions and SMS-based one-time passwords, are being circumvented by attackers in well-crafted phishing attacks and simple social engineering.

The survey results also revealed that 75 percent of Americans believe a portion of their personal online accounts are protected by 2FA. This includes, banking/financial (52 percent), email (39 percent), and social media (27 percent). 

“Attackers are continuously bypassing 2FA and simple multi-factor authentication methods using unsophisticated tactics and walking through the front door with users’ credentials,” Kukowski said. "Organizations must deploy methods to better secure consumers and see potential credential-related threats without relying upon the users themselves. Adaptive access control and identity-based detection techniques such as geo-location, device recognition and phone number fraud prevention work invisibly to the user simultaneously strengthening security and providing a positive customer experience. While enabling the business, this modern approach protects and detects attackers’ attempts and prevents the misuse of stolen credentials. After all, it is in everyone’s best interest – from consumers to organizations and the government – to make it difficult for attackers to cause damage to the U.S. economy.”

Survey Methodology
The SecureAuth Survey was conducted by Wakefield Research (www.wakefieldresearch.com) among 1,000 nationally representative U.S. adults, ages 18+, between May 17 and May 24, 2017, using an email invitation and an online survey.

About SecureAuth
SecureAuth is the leader in adaptive access control solutions, empowering organizations to prevent the misuse of stolen credentials. SecureAuth has been providing SSO and MFA solutions for over a decade. For the latest insights on adaptive access control, follow the SecureAuth blog; follow @SecureAuth on Twitter and LinkedIn; or visit www.secureauth.com.

SecureAuth is a registered trademark in the United States and/or other countries.

Media Contact:
Cassie McAllister
SHIFT Communications
[email protected]
415-591-8402