More than 20% of consumers use passwords that are more than 10 years old, and 47% use passwords that have not been changed in five years, according to a recent report by account security company TeleSign. What’s more, respondents had an average of 24 online accounts, but only six unique passwords to protect them. A total of 73% of accounts use duplicate passwords.
Consumers recognize their own vulnerability. Four out of five consumers worry about online security, with 45% saying they are extremely or very concerned about their accounts being hacked – something 40% of respondents had experienced in the past year.
While some companies may worry that adding too many security measures may frustrate or discourage users, this concern appears unfounded. Two thirds of respondents said they want online companies to provide more security, such as two-factor authentication (2FA). The real issue may be education. Even where this extra layer of protection is available, TeleSign found, a majority has not enabled it, with most among these users reporting that they do not understand what it is or how to use it. But, the survey found, 72% of consumers want to learn more about how to better secure their data.
“The number-one tip most experts give for increasing account security and stopping the fallout from data breaches is to turn on two-factor authentication,” said Steve Jillings, CEO of TeleSign. “Yet our research shows that the majority of consumers (61%) do not know what two-factor authentication is, even though it’s available on almost every account, free to the consumer and just waiting to be turned on.”
There is some good news, however. Some users in the United States are particularly learning – and acting upon – valuable lessons from highly publicized data breaches, with more people in the U.K. turning on 2FA because the site requires it, while more people in the U.S. did so to get an extra layer of protection. According to TeleSign, compared to respondents in the U.K., almost six times as many U.S. consumers turned on 2FA because their personal information was exposed in a data breach (17% vs. 3% of U.K. consumers). About three times the share of U.S. consumers enabled 2FA because they read or heard about a data breach (24% vs. 7%) or had an account hacked (23% vs. 9%).