Most Americans are cyber-victims, fear a major attack...and write their passwords down on paper
Click for report
A stunning number of Americans say they've been victimized by a digital crime, like credit card fraud (41 percent). But even more say they write their passwords down on a piece of paper (49 percent).
In fact, Americans have a lot of bad digital habits. Some 41% say they have given their password to a friend or family member (you shouldn't); 39 percent use the same password across their accounts (you really shouldn't); 28% don't bother putting a lock screen on their smartphones (that's a terrible idea); and nearly one in five say their MAIN tool for keeping track of passwords is...paper.
The data comes from a new Pew Research Center survey which labels these unsafe folks "password challenged."
More about the challenged: Some 39 percent of Americans say they have a hard time keeping track of passwords -- and 25% say they use less secure passwords because they are easier to remember.
It's not that people aren't scared. Most expect bad things to happen. Most Americans anticipate major cyberattacks in the next five years on the nation’s public infrastructure (70% expect that this will happen) or banking and financial systems (66%), Pew said.
And it's not because bad things haven't ALREADY happened. Really bad things. To a lot of people.
*35% have received notices that some type of sensitive information (like an account number) had been compromised.
*16% say that someone has taken over their email accounts
*13% say someone has taken over one of their social media accounts.
But this might be the most stunning find of all in the Pew report.
"Americans who have personally experienced a major data breach are generally no more likely than average to take additional means to secure their passwords," it says.
I'd call this a clear example of something sociologists call "learned helplessness."
I've seen findings like this before in the related world of privacy. Most folks want more privacy, but feel helpless in their efforts do get it, and have no idea what to do to get it. Security has a similar problem. It's not clear what people can do to keep their online accounts safer, other than not falling for phishing attacks. Many times, consumers are victims and there wasn't anything they could have done -- as when there is a large-scale database hack from a previously reputable website.
Understood in that light, it's rational for consumers to go on and live their lives without the ongoing hassle of remembering 12-character passwords. Why make your day-to-day life harder if in the end, you aren't safer anyway?
Then there's this: Perhaps the world's foremost security writer has been suggesting that people write their passwords down on a piece of paper for years. Really.
"People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down," Schneier wrote....back in 2005. "We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet."
I’m going to go out on a limb and say that most people who admitted using paper in Pew’s study aren’t doing so in order to use a highly complex password. (I wish Pew had asked that question). So if that’s you, at least use your paper trick to enhance your personal security. In the end, what the world needs is to finally move away from user/password combinations as the way we secure everything. And on that front, the Pew study offers a tiny bit of hope. Slightly more than half (52%) tell they use two-step authentication on at least some of their online accounts. And that is a step in the right direction.
If you've read this far, perhaps you'd like to support what I do. That's easy. Buy something from my NEW LIBRARY AND E-COMMERCE PAGE, Sign up for my free email list, click on an advertisement, or just share the story.