As the primary means of authentication for online services, the password is increasingly criticized and put to the test. While the number of accounts and the sensitivity of the information they protect continue to grow, the password remains the key to accessing most digital services.
The development of digital uses requires users to manage multiple accounts and passwords in an increasingly complex manner.
Disorganized management of these passwords puts users' personal data at risk:
- using the same password to access different services can compromise sensitive accounts, including the primary email address;
- the tendency to share passwords increases the risk of identity theft;
- the tendency to create passwords related to oneself (date of birth, children's first names, company name, etc.) makes them more vulnerable, especially in a context where it is easy to retrieve information about people online (social engineering);
- the difficulty of memorizing a password that is too long leads users to choose simple passwords of a few characters, often common words, or to write them down on paper (Source: CNIL).
Several recent surveys highlight a tension between increased awareness of the risks of identity theft and practices that persist.
Risk awareness does not eliminate "risky" practices
According to the BNP-CSA Digital Barometer, 48% of respondents use the same password to access their different accounts. However, 46% consider this practice "risky". 51% of respondents admit to having already checked the "Remember me" box to avoid entering a login and password each time they log in. 32% consider this practice "risky".
6.7 passwords used on average
Rather than multiplying their passwords, users tend to use the same passwords to access different online services, according to a recent CNIL survey.
60% of Internet users are content to use between one and five passwords.
Variety of ways to remember passwords
Faced with the need to remember several passwords, codes and other complex numbers, users rely on several methods, according to a survey conducted by CSA for Direct Matin. 31% of French people (53% among those 65 years and older) say they write them down on a piece of paper.
25% of French people (and 39% of 18-24 year olds) say they use their memory to remember their codes.
Other means are used by the French, such as repeating the same passwords (19%), using mnemonics (14%), and using special software (6%).
Still marginal use of password managers
Several password managers allow you to generate passwords that are difficult to guess or steal.
According to the CNIL survey, these tools are still largely unknown and their use is still marginal.
Often lax password management on e-commerce sites
Dashlane, the publisher of a password management application, produces an annual barometer of password security on e-commerce websites. The sites are evaluated against a list of criteria (minimum length of the password, obligation to use an alphanumeric password, number of possible successive connection attempts, etc.). A score is assigned to each criterion, and the total gives the site a security score ranging from -100 to 100.
Of the 25 sites analyzed in 2016:
- 52% do not require their visitors to use an alphanumeric password (mixing numbers and letters),
- 52% allow at least 10 successive login attempts,
- 36% accept weak passwords such as "password", "azerty", "123456", which are nowadays the most used and therefore the easiest to hack.
Sources
- 1. CNIL: Passwords: minimum security recommendations for companies and individuals
- 2. The CNIL's advice for a good password
- 3. 3rd Dashlane Barometer of e-commerce password security
- 4. Médiamétrie survey for the CNIL: digital practices and personal data control
- 5. BNP Paribas Barometer, with CSA Research: Confidence and practices of the French