Password Reuse is Still a Major Threat

This post is also available in: עברית (Hebrew)

44% of users worldwide reportedly reuse their passwords on multiple accounts, putting tons of sensitive data at risk.

Dashlane is a password manager, and its Global Password Health Score report reveals that despite a positive trend in password security and hygiene over the past year, there’s still room for improvement.

Dashlane states that 80% of hacking-related breaches and attacks are caused by weak, stolen, or reused passwords. Threat actors usually rely on the human element, exploiting human error to obtain credentials and information.

According to Cybernews, Dashlane analyzed 19 million users and 22,000 customers and concluded that unfortunately, password reuse remains prevalent. Contrary to popular belief, reusing even strong and complicated passwords leaves accounts exposed to password-spraying attacks if they’re not protected with multi-factor authentication.

An average internet user has an average of 227 accounts that require a password, so it is highly unrealistic to expect users to invent and remember a separate password for each of these accounts. The company explains that regardless of whether or not a user’s passwords are strong, a reused password can have a domino effect: If one account is compromised, they could all fall down, especially without multi-factor authentication.

A possible solution and replacement are passkeys- while combining strong passwords with MFA is a good start, passkeys are a secure, easy-to-use, and phishing-resistant replacement for passwords, according to Dashlane.

Nevertheless, recent research by Keeper Security predicts that passkeys are not going to eliminate passwords so quickly, since using fingerprints, face scans, pin codes, and other methods often lacks support from many applications, especially legacy apps, databases, protocols, and resources.

To conclude, Dashlane calls users to be password-conscious, by which they mean knowing that every reused password provides an opportunity for cybercriminals to find their way into the account, and by updating passwords in the event of a breach and using strong, unique passwords for each of your accounts, one can better prevent threat actors from gaining unauthorized access.