We Still Don’t Protect Ourselves – Some Password Statistics

It’s absolutely everywhere.  Every account we have, every time we sign up for something online; “Choose a strong password”.  The vast majority of us know that strong passwords are one of the most important aspects to keeping our lives in cyberspace secure, and yet, it seems we’re hell bent on continuing to do the virtual equivalent of ‘leaving the key in the lock’.

This is the first of two posts about passwords in which I’m going to look at what we use to keep our data secure and why we choose it. I’ll then finish off with a third post, containing a guide to help you choose the strongest passwords possible.

Our End-User Password Habits
To help us put things in perspective a little, I’m going to take a look at some end-user password related statistics.

In 2014, 2 people in every 5 reported that they;

• had an account hacked.
• Had a password stolen
• Had received a notice that their information had been compromised.

That means that 40% of us were subjected to some form of successful attempt on our personal information that, in some way, was connected with a breach of our password.

So why is that?  Well, we’re largely creatures of habit and;

• 47% of us are using a password that’s more than 5 years old
• And 21% of us are using a password that’s more than 10 years old

(Note: That means that 47% of us are still using passwords that we created before the first I-Pad was released!)

And, as if that wasn’t a significant enough a problem in itself, we use the same passwords over and over again;

• 73% of our online accounts are guarded through the use of duplicated passwords
• 54% of us use 5 passwords or less across our entire virtual lives.

Lastly, we aren’t very original about the passwords we use.  The top 5 passwords of 2014 were;

• 123456
• password
• 12345
• 12345678
• qwerty

Note: Interestingly,  when I was teaching Computer Safety to teenagers back in 2014 and using statistics like these that came from 2010/2011, the same passwords were appearing in these types of lists ,all be it in a slightly different order.

Safe Business?
There’s a common misconception that it’s only the largest businesses who are subjected to malicious cyber attacks and that, in the vast majority of cases, businesses ‘have our back’.

In actuality, 80% of businesses reported that they had been subject to a malicious attack in 2015, leading to an estimated 480 million personal records having been leaked.

From the Hackers Point of View
The time that it will take a hackers computer to be able to break your password totally depends on how long and complex it is.

• Password Length: 6 Characters
  • Only lowercase letters: 10 minutes.
  • Lowercase & uppercase letters: 10 hours.
  • Lowercase, uppercase, numbers and symbols: 18 days
• Password Length: 7 Characters
  • Only lowercase letters: 4 hours
  • Lowercase & uppercase letters: 23 days
  • Lowercase, uppercase, numbers and symbols: 4 years
• Password Length: 8 Characters
  • Only lowercase letters: 4 days
  • Lowercase & uppercase letters: 3 years
  • Lowercase, uppercase, numbers and symbols: 463 years
• Password Length: 9 Characters
  • Only lowercase letters: 4 months
  • Lowercase & uppercase letters: 178 years
  • Lowercase, uppercase, numbers and symbols: 44,530 years.

It’s important to note that this figures are based on a totally unique and original password that does not appear on the most common password lists.

Of course, there’s an infinite supply of information and statistics related to passwords and how they’re broken available on the internet.  I’ve taken a few samples and tried to present them in a way that’s pretty easy to follow.

Everything I’ve seen though, and I mean everything, all points in the same direction:

We need to make sure our passwords are stronger and more complicated.