24% of millennials use the same password for all accounts
Credential sharing for online services like Netflix is rampant
6 October 2020, London, UK:
Unfortunately, new research confirms that younger generations have significantly riskier password habits than their parents, with 24% of those aged between 24 and 38 (Millennials) using the same password for all their accounts, compared to just 2% of baby boomers.
With 14% of Gen-Z’s (aged 16-23) and Millennials reporting they have never changed their passwords and 80% of young people using a common substitution, such as D00RB3LL for DOORBELL, it is younger generations that are most vulnerable to identity fraud. Conversely, older people appear far more savvy, with the majority of baby boomers using multiple different passwords and 62% changing them at least twice a year.
Ben Todd, Head of Worldwide Sales, Nomidio commented: “It’s hugely concerning to see that password habits are getting worse rather than better. Young people are trading security for convenience, but that could come back to bite if their identity is compromised.”
He continued: “The survey clearly shows we need modern and secure ways of logging-in. Easy to use biometric systems like Nomidio mean people can log-in wherever they like, using only their face or voice, which are more secure and impossible to misplace. It’s secure and convenient.”
Credential sharing, where people provide usernames and passwords to friends for access to digital services like Netflix or Amazon, is rampant amongst the young. According to the research, 62% of Gen-Z and Millennials share credentials with friends and family, increasing the attack surface by exchanging them in emails and messages. Perhaps even more concerningly, one in five Millennials leave their passwords accessible to hackers in their contacts or notes pages on internet connected devices.
Philip Black, Commercial Director at Nomidio added: “Credentials sharing happens at home and in the workplace, it’s a major headache for internet companies and cyber security professionals. Biometrics is the only way to stop this practice because it’s much harder for someone else to log-in using your face, you’d actually have to be there with them.”
Logging-in to digital services requires people to have strong password management skills but also to store their personally identifiable information with 39 different businesses on average, greatly increasing the risk of compromise. The Nomidio Password Hygiene study confirmed that less than 20% of respondents have used a service like ‘HaveIBeenPwned.com’ to check if their passwords have been compromised in data breaches. When additional security features such as Two-Factor Authentication are offered less than a quarter of all respondents take them up regularly.
Passwords are cumbersome, insecure and offer a poor user experience. That’s why Nomidio recently integrated with Open-ID, making it simple for users to log-in with Nomidio’s biometric identity service at the widest possible range of websites and cloud service providers. Nomidio removes the need to store personal data with multiple organisations, reducing the risk of identity theft, while freeing users from ineffective passwords.
About Nomidio
Nomidio is a business dedicated to re-imagining all aspects of digital identity so individuals are empowered with a digital identity that’s secure, unique, widely used and over which they retain control. Nomidio Identity Verification is the first service to go live, focused specifically on helping companies to quickly and cost effectively validate the identity of prospective customers. Nomidio has also developed the world’s most advanced consumer identity and authentication service.
Nomidio’s parent company Post-Quantum is dedicated to ensuring that organisations can carry out their operations safely and securely. Post-Quantum is one of a handful of leaders in the development of new quantum-safe encryption algorithms that are able to withstand the threat posed by quantum code-breaking. Post Quantum’s algorithm NTS-KEM is a finalist in NIST’s competition to find a replacement to RSA, today’s public-key cryptographic standard. The company provides a range of encryption products, services and IP to financial services firms, technology leaders and governments around the world.