Hacking risk doesn’t stop most Americans from being careless with their passwords

‘Learned helplessness’ results in most not taking enough precautions to secure their data

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

A stun­ning num­ber of Amer­i­cans say they’ve been vic­tim­ized by a dig­i­tal crime, like cred­it card fraud (41 per­cent). But even more say they write their pass­words down on a piece of paper (49 percent).

Bob Sul­li­van, vet­er­an jour­nal­ist and a found­ing mem­ber of msnbc.com

In fact, Amer­i­cans have a lot of bad dig­i­tal habits. Some 41 per­cent say they have giv­en their pass­word to a friend or fam­i­ly mem­ber (you shouldn’t); 39 per­cent use the same pass­word across their accounts (you real­ly shouldn’t); 28 per­cent don’t both­er putting a lock screen on their smart­phones (that’s a ter­ri­ble idea); and near­ly one in five say their main tool for keep­ing track of pass­words is … paper.

The data comes from a new Pew Research Cen­ter sur­vey that labels these unsafe folks “pass­word challenged.”

More about the chal­lenged: Some 39 per­cent of Amer­i­cans say they have a hard time keep­ing track of passwords—and 25 per­cent say they use less secure pass­words because they are eas­i­er to remember.

Relat­ed: Cre­ate safer pass­words for all your online accounts

Fear’s there; action isn’t

It’s not that peo­ple aren’t scared. Most expect bad things to hap­pen. Most Amer­i­cans antic­i­pate major cyber attacks in the next five years on the nation’s pub­lic infra­struc­ture (70 per­cent) or bank­ing and finan­cial sys­tems (66 per­cent), Pew said.

And it’s not because bad things haven’t already hap­pened. Real­ly bad things. To a lot of people.

• 35 per­cent have received notices that some type of sen­si­tive infor­ma­tion (like an account num­ber) had been compromised.

• 16 per­cent say that some­one has tak­en over their email accounts.

• z13 per­cent say some­one has tak­en over one of their social media accounts.

But this might be the most stun­ning find of all in the Pew report: “Amer­i­cans who have per­son­al­ly expe­ri­enced a major data breach are gen­er­al­ly no more like­ly than aver­age to take addi­tion­al means to secure their passwords.”

I’d call this a clear exam­ple of some­thing soci­ol­o­gists call “learned helplessness.”

Many feel secu­ri­ty steps are futile

I’ve seen find­ings like this before in the relat­ed world of pri­va­cy. Most folks want more pri­va­cy, but feel help­less in their efforts to get it, and have no idea what to do to get it. Secu­ri­ty has a sim­i­lar prob­lem. It’s not clear what peo­ple can do to keep their online accounts safer, oth­er than not falling for phish­ing attacks. Many times, con­sumers are vic­tims and there wasn’t any­thing they could have done—as when there is a large-scale data­base hack from a pre­vi­ous­ly rep­utable website.

Under­stood in that light, it’s ratio­nal for con­sumers to go on and live their lives with­out the ongo­ing has­sle of remem­ber­ing 12-char­ac­ter pass­words. Why make your day-to-day life hard­er if, in the end, you aren’t safer anyway?

Then there’s this: Per­haps the world’s fore­most secu­ri­ty writer has been sug­gest­ing that peo­ple write their pass­words down on a piece of paper for years. Really.

Bad advice heeded

Peo­ple can no longer remem­ber pass­words good enough to reli­ably defend against dic­tio­nary attacks and are much more secure if they choose a pass­word too com­pli­cat­ed to remem­ber and then write it down,” secu­ri­ty expert Bruce Schneier wrote back in 2005. “We’re all good at secur­ing small pieces of paper. I rec­om­mend that peo­ple write their pass­words down on a small piece of paper, and keep it with their oth­er valu­able small pieces of paper: in their wallet.”

I’m going to go out on a limb and say that most peo­ple who admit­ted using paper in Pew’s study aren’t doing so in order to use a high­ly com­plex pass­word. (I wish Pew had asked that ques­tion). So if that’s you, at least use your paper trick to enhance your per­son­al secu­ri­ty. In the end, what the world needs is to final­ly move away from user/password com­bi­na­tions as the way we secure every­thing. And on that front, the Pew study offers a tiny bit of hope. Slight­ly more than half (52 per­cent) say they use two-step authen­ti­ca­tion on at least some of their online accounts. And that is a step in the right direction.

More sto­ries relat­ed to pass­word security:
Sen­tenc­ing in Astro-Car­di­nals base­ball hack offers les­son about passwords
Now’s the time to change all your pass­words, not just LinkedIn
Skin implants arrive as replace­ment for passwords