Google has released a new set of eye-opening numbers that reveal the bad password practices people still use online. Earlier this year, Google released Password Checkup extension for Chrome that scans users passwords and tells them whether it’s safe or not.
The company has now come up with the first round of stats and says that around 1.5% of the password it scanned are not safe.
The tool was able to flag 316,000 of the 21 million usernames and passwords it scanned in the first month alone. For that, Password Checkup uses a database of around 4 billion usernames and passwords compromised due to a third-party data breach.
People reusing passwords
While it doesn’t come as a total surprise, one of the main concerns is people are already reusing these unsafe passwords on multiple online accounts. The reason is, of course, the virtually unlimited number of online accounts they need to maintain.
But this invites potential hackers to make their move and compromise user accounts through a technique called credential stuffing. These hackers use the already leaked passwords available online to gain access to user accounts, playing on the possibility that people might have reused their passwords elsewhere.
According to the stats, some people even reused unsafe passwords on sensitive financial, government, and email accounts. Further, only 26% of the users opted for a reset after their passwords were flagged as unsafe by the extension. But most of the people who changed their passwords chose stronger hard-to-guess passwords than before.
So, what else can be done?
Well, the very first step is to make sure that all your important online accounts are protected by unique and hard to guess passwords.
For the less important accounts, you can use password manager software so that you don’t have to remember all of them and you should still choose a unique password for each of them.
Lately, companies have also started working on making password-less sign-in options based on FIDO and WebAuthn standards. On the same lines, Google recently released password-less login for Android.
