In June, we pointed to a research paper showing that only 33% of users affected by a data breach change their password afterward. 13% of these users did so within three months after the breach became publicly known.
A new awareness study shows that only 16% of participants visited web pages related to notable data breaches. Few participants read web pages about data breaches that likely affected them.
“Without adequate awareness, it is unlikely that people will act to improve their security.”
As a reader of our website, you are likely aware of security incidents and information security; most people are not. They aren’t interested in these topics, overlooking that information security affects all of us every day. For us, it is vital to impart InfoSec knowledge so that you can improve your security. So share your knowledge, too. Show others how to protect themselves.
Regarding passwords: In our experience, many users are still overwhelmed when we recommend password managers as they don’t know how password managers work. After trying a password manager like KeePassXC for some time, they ultimately fall back to the classic “one password for all” scheme. However, password managers for unique and strong passwords plus two-factor authentication are the best we have in 2020.
The research papers:
- (How) Do People Change Their Passwords After a Breach? (PDF file)
- What breach? Measuring online awareness of security incidents by studying real-world browsing behavior (PDF file)