Americans and Password Security

Cybersecurity. Data protection. Online privacy. Increasingly, these “buzzwords” have become top-of-mind issues for Americans, as large-scale breaches continue to pervade the news cycle.

Zapp2Photo / iStock / Getty Images Plus / Getty Images

In 2017, big hacks like the Equifax breach, which affected 145.5 million Americans and was touted as one of the worst breaches in modern memory, demonstrated just how vulnerable our data is. Others, like last year’s Instagram hack and Gmail phishing scam, showed us how easily the applications we use every day can be targeted.

It’s not just hacks in the news cycle that are changing the way we view cybersecurity — it’s real-life experiences, as well. According to Pew Research Center’s Americans and Cybersecurity study, 64 percent of Americans have experienced some some form of data theft in their lives, ranging from fraudulent credit cards to compromised social media and email accounts. These personal run-ins with breaches have changed the way we view our privacy and data security. roughly half of Americans think their personal data is less secure compared with five years ago.

What’s more, we’ve lost trust in the ability of institutions to keep our information safe. The Pew Research Center reports that 51 percent of Americans don’t trust social media sites to protect their data. Forty-nine percent reported saying the same thing about the federal government.

Clearly, the way we view data security is changing. But is it having an effect in how we operate in our own digital lives? That’s the question Varonis set out to answer in their recent password security study, which surveyed 1,000 Americans to learn more about their password habits.

The answer was overwhelmingly — and surprisingly — “no.” Despite the real-life run-ins of many Americans with data theft, the study found that the majority aren’t following best practices in their digital lives. For example, the most common reason to change a password is simply that they’ve been forgotten: 51 percent of people admitted to only changing their passwords when they couldn’t remember them. Additionally, 17 percent of people admitted to never changing their passwords — a practice largely against password best practices.

Despite the fact that Americans are becoming more aware of cyber breaches — and that they actually expect for them to become a “fact of life” in the future — only 1 in 5 Americans said they change their password as a result of hearing about a hack.

Password management is another area Americans are failing at; according to the study, 57 percent of people remember their passwords through memorization, despite that strong passwords should be complex and vary from site to site. Additionally, 25 percent of people allow their browsers to save their passwords and 11 percent track passwords through pen and paper. Only 7 percent of respondents use password management software, the most recommended method by cybersecurity experts.

Overall, there seems to be a large discrepancy in the real-life cybersecurity experiences of Americans and the way they operate in their digital lives. To learn more about the password habits of Americans, check out the full infographic from Varonis.


Rob SobersRob Sobers is a Sr. Director at cybersecurity firm Varonis. He has been writing and designing software for over 20 years and is co-author of the book Learn Ruby the Hard Way, which has been used by millions of students to learn the Ruby programming language. Prior to joining Varonis in 2011, Rob held a variety of roles in engineering, design, and professional services.

For more information on Varonis, check out the following links: