Two-Thirds of Consumers Use Same Two Passwords Around Web

By Matthew Harwood

When pitted between convenience or security concerning passwords, most consumers will choose what's easy rather than what's safe, according to a recent survey from Gartner.

After surveying over 4,000 online adults, the technology research and advisory firm discovered two-thirds of consumers use one to two passwords for multiple Web sites.

"Despite  widespread security concerns," according to the report, "consumers continue to use unsafe password management practices, and would rather keep with the status quo than explore new methods whereby trusted service providers manage their credentials."

Rather than explore newer and more secure options such as software or hardware that can manage multiple passwords, consumers want to continue their easy use of one or two passwords regardless of how risky this is when accessing important Web sites, such as online bank accounts. Because of this, Gartner recommends that consumer-facing Web sites continue to bolster their password security with "device identification, geolocation, and transaction verification" to protect their customers from data breaches.

Enthusiasm for alternative solutions barely registered.

Thirty percent of respondents had strong interest in software that manages passwords, while 26 percent had strong interest in using an external device to manage passwords. But the least amount of enthusiasm, 23 percent, was reserved for allowing "trusted service provider's Web sites" to manage multiple passwords for multiple Web sites.

Consumers believe they can store and manage their passwords better than any number of service providers.

More than half of all respondents said they could store their passwords more securely or that there was no need for password services to make juggling passwords easier.

Although it was no vote of confidence, banks were the most trusted service provider with barely 10 percent believing they could securely store and manage consumer passwords. In a virtually dead heat for second place came Microsoft, Yahoo, Google, and a consumer's e-mail provider, respectively.

The survey was bad news to companies looking to store and manage consumers passwords for multiple secure Web sites.

"The survey findings serve to confirm our belief that there is a limited business for identity providers to manage general-purpose consumer identities and passwords to be used to access sites across multiple business contexts, such as financial services, government, and healthcare," said Avivah Litan, vice president of Gartner.


Even in online stores?

I'm planning to open my own online store and I'm so worried about security. I see how big brand websites are getting hacked and I don't think I can ever make my store as secure as theirs. If this is true then it makes it really impossible to be a 100% safe shopping place. If users share their passwords in many places than someone can easily log in and make some purchases. For online stores it looks like it's all about what kind of credit card processor you have since they make sure the transaction is legit. I was thinking if I go with PayPal since they track where the payee is logging in from and the transaction won't go through if someone else has a person's access info. Things would be so much easier if the internet wasn't an annonymous place...

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.