On World Password Day, global survey exposes consumers’ views and behaviors about creating and using passwords.
LONDON/SAN FRANCISCO – May 6, 2021 – Onfido, the global identity verification and authentication company, today announced the results of a global study* that found 17% of consumers would rather watch paint dry than create a unique password for every online account they have. Issued by Censuswide, the study polled more than 4,000 consumers in the United States, the United Kingdom, France and Germany who have online or mobile accounts on their password habits, attitudes and more.
Despite widely recognized security risks, passwords remain the de facto standard for user access and authentication for online applications, with the average person having 100 passwords. Onfido’s survey results indicate many consumers find password creation cumbersome, and widespread poor password hygiene could put consumers and the brands they engage with at risk.
People would rather get a root canal than create unique passwords for all of their online accounts.
Consumers surveyed would rather do mundane, uncomfortable and, in some cases, painful activities than create a unique password for every online account they have.
Seventeen percent of respondents would rather file their taxes. One in 10 people surveyed would rather get a root canal or a filling, 9% would rather get a colonoscopy, and 15% of respondents would rather wait in line to update their vehicle registration or driver’s license (e.g. at the DMV or RMV).
Many predict a no password future is imminent and express openness in alternate biometric authentication methods.
Fifty-eight percent of respondents predict that passwords will be extinct within nine years, with just over two in five (41%) predicting in five years or less. A majority (58%) say they would use biometrics (i.e., fingerprint or facial biometrics) in place of a password for all of their accounts if the brands and services they used offered it.
Bad password habits persist among consumers.
Fifty percent of those surveyed reuse passwords** (17% use only one for all accounts; 33% use a handful rotated across all accounts). One in five of consumers surveyed have a core password that they adapt to meet brands’ password strength requirements (this could be character length, special characters, etc. – a well-recognized best practice for protecting accounts from bad actors that use tactics like credential stuffing that capitalize on repeat passwords).
Consumers prioritize creating tough-to-crack passwords, but draw from worryingly obvious places of inspiration.
When coming up with a new password, 29% consumers surveyed say creating a password that is hard to crack is top priority. One in four say meeting the requirements of the service they are interacting with is top priority, while 18% prioritize something simple that they won’t forget and just over one in 10 (11%) prioritize it matching their other passwords.
Over one in five consumers who have passwords for online or mobile accounts surveyed (22%) use birthdays as inspiration for passwords, while 19% use pet names, 19% use family names, 14% use a hobby, 12% use time of year (seasons, months, year), and 10% use their mother’s maiden name. Ten percent also list each of the following as inspiration: sports teams, street names/addresses, and phone numbers. Stealthy hackers can find much of this information about a given person online with just a few searches, which put consumers at risk.
Password complexity prioritized over simplicity is most common for banking, home security applications, crypto exchanges and software or services used for work.
The survey also asked consumers to rate the importance of having a complex and secure password versus a simple and memorable password for accounts within specific industries (on a scale of “1” being simple and memorable and “5” being complex and secure). Nearly three in five (57%) selected complex and secure for banking, nearly half (48%) selected the same for home security applications followed by crypto exchanges (47%), and software or services used for work (38%).
Over one-third prioritize password complexity and security for online health services (35%) and gambling/betting (35%), and over 3 in 10 prioritize this for social media, less than 3 in 10 make password complexity and security a priority for travel applications (28%), online education services (25%), and gaming platforms (24%).
“Passwords are an insufficient form of authentication because the onus lies on consumers to remember them and ensure their complexity. With today’s fraudsters carrying out highly sophisticated attacks using data from the dark web, even the lengthiest and seemingly strongest passwords can be relatively easy to hack,” said Sarah Munro, Director of Personal Identity at Onfido. “A better, more secure path forward is for organizations to invest in biometrics-based technology that can offer a more convenient and secure experience for consumers.”
According to Forrester’s Q3 2020 US State Of Consumer Authentication Survey, 46% of respondents already use passwordless authentication for popular consumer websites, while 51% of consumers believe biometric login should be optional for mobile apps.
About World Password Day:
Intel created World Password Day in 2012 — the first Thursday of May (May 6, 2021) — to address the critical need for solid passwords.
*The research was conducted by Censuswide, with 4,047 general consumers aged 16+ in the UK,, USA, France and Germany between 20.04.21 – 23.04.21. The survey was conducted from a random sample of adults. Censuswide abide by and employ members of the Market Research Society which is based on the ESOMAR principles.
**Combination of ‘I have a handful of passwords that I rotate across all of my accounts’ and ‘I only use one password for all of my accounts’