By Kari Paul, MarketWatch
Dozens of countries were hit by a major cyberattack Friday, affecting more than a dozen hospitals in the U.K. The incident is a major reminder to companies and consumers alike to secure their systems and devices — but if history is any indication, it won’t work.
Although more people than ever are at risk of being hacked, most still don’t take basic security precautions, a January study from Pew Research Center found. Nearly 30% of smartphone users don’t even use a lock screen password on their phone. Some 54% of internet users have accessed public Wi-Fi networks, which put them at risk of being hacked — and one in five of those users admit to using a public network for sensitive services like banking.
Also see: Hottie, loveme and 23 other really bad passwords you should never use
The same study found only 12% of internet users use any kind of password manager like LastPass or 1Password, which save complex passwords on a digital keychain for secure logins. Roughly two-thirds said they rely instead on memorizing passwords, meaning they are likely not complex enough to be secure. In fact, 25% of respondents in the Pew study said they use passwords that are less secure than they would like to because they are more simple and easy to remember. Passwords “123456” and “password” topped the list of emails and passwords most frequently posted on hacker forums for the second year in a row, according to a report from security provider SplashData.
Using easy-to-guess passwords, particularly for email accounts, puts users in danger of identity theft and scams. Once a hacker has access to an email account, they can potentially find a victim’s personal information and location and get into their bank account. Security experts suggest using passwords of eight characters or more with a mix of upper and lowercase characters. (To be fair to Spicer, the apparent passwords he tweeted fit those qualifications.) In addition, 41% of adults who use the internet have shared the password to one or more accounts with a friend or family member and 39% say they use the same or similar passwords for many online accounts.
These lax security habits persist despite a growing awareness of the risks of hacking: roughly two-thirds of internet users now have been victims of a major hack, like the breach of more than 1 billion Yahoo email accounts or the massive hack of the U.S. government in 2015. “It’s not surprising that so many people have experienced these data breaches, but what we don’t see yet is whether that is necessarily translating into better security practices,” said Michael Kaiser, executive director of the National Cyber Security alliance
In fact, 69% of Americans say they don’t worry about the security of their online passwords. They also seem to trust government responses to cyberattacks, despite these high profile breaches: 62% of Americans feel the government is at least somewhat prepared to combat cyberattacks and 61% believe businesses are equipped to do the same.
There is some progress being made by internet users: Roughly half of online adults (52%) now use some form of two-step authentication, using a unique code sent to their phone to verify their identity; the website Two Factor Auth offers a list of websites that offer the tool and instructions on how to enable it. The tool is one of the easiest ways users can take a step toward better securing their accounts. “This is a really positive sign, but those adoption rates are still far below what we believe they should be,” Kaiser said. “We would like to see strong authentication adoption rates for all kinds of accounts — not just gateway accounts like email.”