Only one in three people change their passwords after being informed of a data breach, according to a new study.
The study, conducted by researchers from Carnegie Mellon University's Security and Privacy Institute and Indiana University Bloomington, examined the security habits and browser traffic of 249 participants from January 2017 to December 2018.
Of the 249 participants in the study, only 63 had more than one account in one of the nine domains with data breaches that the researchers examined.
This included the massive Yahoo data breach announced in December 2016 (not included in the study), February 2017, and October 2017. Overall, 3 billion account usernames and passwords--probably representing all Yahoo accounts--were compromised.
Only 21 of the potentially affected participants changed their passwords after the announcement of the breach.
Most of these users had Yahoo accounts, and 31 of them did not change their passwords after the identity theft threat.
According to the study, "Two participants changed their Yahoo passwords twice; two participants changed their passwords for the compromised domains within one month of the announcement of the breach, a total of five within two months, and eight within three months.
The survey also examined the quality of the new passwords and found that of the 21 who changed their passwords, only 9 chose stronger passwords. On the other hand, 12 created weaker or equally strong passwords.
With regard to password strength, the study claims: "On average, participants created new passwords that were 1.3 times stronger than their old passwords after converting the strength on a log10 scale.
This study is perhaps most surprising given that it is not difficult to create ultra-secure passwords.
Mixing special characters, numbers, and upper and lower case letters is a good start. Avoiding words and phrases that are easily cracked is also strongly recommended.
Of course, then there is the problem of remembering them all. We all have passwords for everything online these days, including multiple bank accounts, online shopping, social media, etc.
That's where having one of the best password management tools comes in handy. With the click of a button, you can create, store, and access numerous secure passwords.
Comments