Two-thirds of people recycle the same password or use variations on the same basic one, according to LogMeIn.
Even though more than 90 per cent of people surveyed by the password manager biz said they knew it was risky to recycle passwords or light variations on a theme, 66 per cent of respondents admitted they "always or mostly use the same password or a variation".
These findings came from LogMeIn's Psychology of Passwords report, released today, that quizzed 3,250 people and discovered that half of them across the world hadn't changed their passwords over the past 12 months "even after hearing about a breach in the news".
Depressingly, that number rose to 58 per cent for Britons specifically who did not change their passwords after reading about a breach on the news. A whopping 92 per cent of Brits reuse passwords despite being aware of the risks.
A possible explanation for this is the age-old problem of forgetting sufficiently complex ones: just under two-thirds of UK dwellers who responded to the survey cited that as their reason for doing the bad thing. Across the full 3,250 people surveyed, 42 per cent agreed with the statement "having a password that's easy to remember is more important than one that is very secure".
Meanwhile in America, a third of people admitted to writing down passwords, while 67 per cent "trust biometrics more than traditional text passwords".
That's what makes you hackable: Please, baby. Stop using 'onedirection' as a passwordREAD MORE
Rather forlornly, LogMeIn commented in a statement: "Will this finally be the tipping point that causes people to show more concern for their online data?"
Thirty years of widespread consumer (mis)use of the internet tends to suggest the answer will be "no", but it's gods' work to keep preaching the online security gospel.
The standard password advice, repeated by LogMeIn, is to use a password manager to remember your passwords for you; enable multi-factor authentication (MFA), so if someone else does obtain your password they can't easily log in and steal your account – though 20 per cent of respondents to the survey said they didn't know what MFA was; and stay vigilant. While biometric logins (facial or fingerprint recognition) are controversial, they can be a useful and hassle-free way of securing an account where the option exists.
"Individuals seem to be numb to the threats that weak passwords pose and continue to exhibit behaviours that put their information at risk," complained John Bennett, gros fromage of all things identity and access management at LogMeIn. "Taking just a few simple steps to improve how you manage passwords can lead to increased safety for your online accounts, whether personal or professional."
LogMeIn itself, which provides remote access, collaboration and famously is still the home to password manager LastPass (which it bought for $110m in 2015), was sold to a private equity outfit for $4.3bn in December last year. At the time, it raised concerns from users about the data it held. The sale was due to close in the middle of this year.
Other password managers include Bitwarden, Dashlane, 1Password and KeePass. ®