Even after a computer hack, users continue to use the same passwords

According to a recent study (called "How Do People Change Their Passwords After a Breach? literally translated into French as "How do people change their passwords after an intrusion?" "), the result of which was presented in early June at the IEEE 2020 workshop on technology and consumer protection, it was demonstrated by researchers at Carnegie Mellon University's CyLab Institute of Privacy that more than 2-thirds of digital users, even after being victims of a security incident, , such as a data breach, continue to use the same password. That's who it is as only a third party respect the security measures and think about changing them.

This article will also interest you: 9 password hacking techniques

This result was not provided as a result of a survey conducted by consumers, but rather on a study based on user traffic on the Internet. They simply study web traffic data from more than a hundred users, collected by a group of the university, specialized in active research called opt-in (which involves encouraging users to register and share their history, for academic research purposes.). This research group is called Security Behavior Observatory in abbreviated SBO. Precisely 249 participants had their navigation data collected for the purpose of conducting the research. The collection took place between January 2017 and December 2018, i.e. 2 years. The information collected includes not only web traffic information, but also passwords that were used when connecting to various online accounts, not to mention what was stored in the browser.

After careful analysis of all the information collected, the researchers observed that of the 249 registered users, only 63 had online accounts, in areas that at least once made public statements about data breaches they would have suffered during the 2 years of data collection. Only 21 of the 63, or 23%, subsequently changed their password to the account of websites that were affected by one of the data. 15 of the 21 made the change only 3 months after the violation was reported.

The research team did not simply analyze this point alone, in fact, thanks to the data produced by the OSB, relating to passwords, it was possible to determine the content of the composition of the new passwords. Unfortunately, only 9 of the 21 users have managed to re-compose solid passwords. The others, had composed their passwords of which kind they were easily hackable. It was found that the other 12 used virtually the same sequences, which can be easily anticipated by hackers, or use passwords from some of their still active accounts, which were often stored on the browser.

In addition, one thing that this study has shown is that so far, many users are not adequately trained in password management, wording and modification. Because if a piece of advice has been repeated several times by computer security specialists, it is because it is very important, if not necessary, to use a unique password for each account. Those who unfortunately continue to fail. Although in a sense, the fault also lies with the hacked companies, which "almost never tell people to reset their similar passwords to other accounts." Noted the CyLab researchers

In the end, it should be noted that while the study was conducted on small users, it does reflect the most common practices and unsavory behaviours of users, because unlike conventional surveys, it is based on concrete facts, not answers given during interrogations that can often be portrayed with great subjectivity.

Now access an unlimited number of passwords:

Check out our hacking software