One in three people have tried guessing someone else’s password
We’re a world of hackers – even if we don’t know it.
They’re the keys to our digital lives, and – despite Microsoft being keen to try and get rid of them with its latest iteration of Windows – they’re as important as ever to how we live. But passwords remain a bugbear for many of us, and we’re all conscious of the risks of using them.
Research by Beyond Identity shows that one in three respondents to a survey of 1,015 Americans has previously tried to guess someone else’s password, and over 73% of them were successful.
The people trying to guess passwords were often those nearest and dearest to the purported victims. Half of those who guessed passwords were trying to uncover the login code for their romantic partner, while a quarter were overprotective – or just plain nosy – parents trying to creep on their children.
But password guessing isn’t a one-way street of parents snooping on their kids. Four in 10 children have admitted to previously trying to guess their parents’ passwords – presumably to try and break into accounts to lift child locks.
The password problem
The password problem is that we’re not hugely inventive when it comes to deciding how to lock up our accounts. The passwords we choose tend to be based on something that’s important to us, which makes them easier to guess than most things.
Of those who successfully cracked into an account and were willing to admit it, 40% said that they were able to do so by deploying information they knew about the victim.
A further 18% were clued-up enough to snoop through social media profiles to find key information that was likely to give them the digital keys to the kingdom, while 16% were savvy enough to check personal records or files – an indication that you should never store your password in a text file or on a piece of paper that’s easily accessible.
“Our respondents targeted personal emails (which we now know are the easiest to access) more than any other account,” says Beyond Identity. “Gaining access to an email account clearly isn’t rocket science, but there are measures that can be taken to improve security. For example, consider eliminating passwords completely, in order to prevent someone being able to access your company's accounts.”
Some simply give it all up
While an army of amateur hackers whose ranks are filled with our nearest and dearest is a concept that should give us all pause, it’s actually not the most common way that people end up getting into accounts.
A worrying proportion of us are very happy to reveal passwords for certain services to those we know – even though that’s bad information security practice.
Half of us are willing to share our video streaming service passwords, perhaps an indication that the price of Netflix is more of a worry than anything to do with operational security, while 45% of us do the same for music streaming services. A third of us, concerningly, will give up our phone PIN code, while a quarter are happy handing over online banking passwords.
“Maybe some people shouldn’t be too surprised about a cyberattack on their accounts, considering that, on average, people had shared three of their passwords with other people,” says Beyond Identity. “Ironically, the money someone could save by sharing entertainment streaming services probably wouldn’t nearly cover the losses of a potential online banking theft.”
How to make your password unguessable
If you wish to avoid someone else guessing your password, simply hiding it from everyone else won't be enough.
First, make sure to use our free password leak checker to see if your password is unique and hasn’t already been leaked or cracked by threat actors.
With that said, while generating complex passwords might be easy, memorizing them is usually much harder. Therefore, the best passwords are the ones that you don’t have to remember at all.
For this reason, we normally strongly recommend that people use password managers. These are special tools that store all your passwords in one secure, encrypted vault. Whenever you need to enter your credentials for an account, it’s just one click away.
And, last but not least, use 2-factor authentication (2FA) – enabling it will provide an additional layer of protection for your online accounts.