LastPass Psychology of Passwords Report Highlights Password Behavior Unchanged Even as Cyber Threats Rise

Data Breaches and Hacking Cause Fear, But Only 55% Would Update Passwords If Hacked

Boston, Massachusetts, UNITED STATES

BOSTON, May 01, 2018 (GLOBE NEWSWIRE) -- LastPass by LogMeIn, a leader in password management, today released findings of a new global survey, “Psychology of Passwords: Neglect is Helping Hackers Win,” revealing that despite today’s increased threat landscape and heightened global awareness of hacking and data breaches, password behaviors remain largely unchanged. Data from the survey shows that 91 percent of people know that using the same password for multiple accounts is a security risk, yet 59 percent continue to use the same password. As a result, individuals’ behavior in creating, changing and managing passwords in both their professional and personal lives is slow to match the rapid evolution of cybersecurity threats.

The global survey, which polled 2,000 individuals across the United States, Australia, France, Germany, and the United Kingdom, provides evidence that increased knowledge of security best practices doesn’t necessarily translate into better password management, and highlights regional, generational and personality differences can factor into password security.

Key findings include:

  • Global Cyber Threats Skyrocket but Password Behaviors Unchanged
    Password behaviors remain largely unchanged from the same study conducted two years ago — translating to some risky behaviors. 53 percent report not changing passwords in the past 12 months despite a breach in the news. And while 91 percent know that using the same password for multiple accounts is a security risk, 59 percent mostly or always use the same password.
  • Fear of Forgetfulness = Number One Reason for Password Reuse
    Not only do most respondents (59 percent) use the same password for multiple accounts, but many continue to use that password as long as possible — until required by IT to update or if impacted by a security incident. The fear of forgetfulness was the number one reason for reuse (61 percent), followed by wanting to know and be in control of all of their passwords (50 percent).             
  • Attention IT: Password Behaviors Same at Work and Home
    The majority of respondents (79 percent) report having between one and 20 online accounts for work and personal use. When it comes to password creation, nearly half (47 percent) say there is no difference in passwords created for these accounts. Only 19 percent create more secure passwords for work and 38 percent never reuse the same password between work and personal, which means that 62 percent do.
  • Type A Personalities Take Passwords More Seriously
    Bad password behavior in Type A personalities stems from their need to be in control, whereas Type B personalities have a casual, laid-back attitude toward password security. Respondents who identify as Type A personalities are more likely than Type B personalities to stay on top of password security: 77 percent put a lot of thought into password creation, compared to 67 percent of Type B. And Type A users consider themselves informed about password best practices (76 percent) over Type B users (68 percent).             
  • Security-conscious Thinking Doesn’t Translate to Action
    The data showed several contradictions, with respondents saying one thing and in turn, doing another. 72 percent say they feel informed on password best practices, but 64 percent of those say having a password that’s easy to remember is most important. Similarly, 91 percent recognize that using the same or similar passwords for multiple logins is a security risk, yet 58 percent mostly or always use the same password or variation of the same password.

“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” said Sandor Palfy, Chief Technology Officer of Identity and Access Management at LogMeIn. “Individuals seem to understand password best practices, but often exhibit password behaviors that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional.” 


Survey Methodology

The Psychology of Passwords survey was commissioned by LastPass and fielded by independent panel research firm Lab42 from February 8-21, 2018. The responses were generated from a survey of 2,000 adults, ages 25 to 60 who have at least one online account. Survey respondents represented the United States, Germany, France, Australia and the United Kingdom. Where possible, results were compared with the 2016 Psychology of Passwords survey commissioned by LastPass.

About LastPass
LastPass is an award-winning password manager helping millions organize and protect their online lives, at home and at work. For businesses of all sizes, LastPass provides secure password storage and centralized admin oversight to reduce the risk of data breaches and remove password obstacles for employees. With customizable policies, secure password sharing, and comprehensive user management, LastPass gives IT the tools to strengthen password hygiene across the organization. For more information, visit

LastPass is a trademark of LogMeIn in the U.S. and other countries.

About LogMeIn, Inc.
LogMeIn, Inc. (Nasdaq:LOGM) simplifies how people connect with each other and the world around them to drive meaningful interactions, deepen relationships, and create better outcomes for individuals and businesses. One of the world’s top 10 public SaaS companies, and a market leader in communication & conferencing, identity & access, and customer engagement & support solutions, LogMeIn has millions of customers spanning virtually every country across the globe. LogMeIn is headquartered in Boston with additional locations in North America, Europe, Asia and Australia.

Media Contact:
Lauren Van Dam