New York, NY-based digital identity firm Beyond Identity spoke with 1,015 people in the US to learn more about their password-making strategies and how they generally conduct themselves in regards to online safety.
Many of us already share our account passwords. Over half of us (50.1%) share our video streaming account, and almost as many share our music streaming accounts (44.9%).
One in four of us (25.7%) share passwords to our online banking. On average, we share three of our passwords with other people.
The study revealed that many people try to guess others' passwords and are often successful. Over 73% managed to guess someone's passwords.
Over half (51.6%) try to guess their romantic partner's passwords, and almost one in four (24.6%) try to guess their child's password.
Over one in five (22%) try to guess their co-worker's password, and one in five (19.9%) try to guess their ex-partner's or boss' password.
The most common tactic is using information known about the other person (39.2%), while 18.4% check the person's social media profiles to try and guess.
Over two in five (43.7%) try to guess passwords for personal email accounts, and almost one in three (32.6%) try to guess phone passwords.
People were most interested in gaining access to the accounts of their romantic partners.
Those trying to guess their boss' password were trying to get into their employer's work email, while phones were the most common target for those guessing the password of a romantic partner.
Almost two in five (37.6%) of people never use a password generator. The average password tends to be 15 characters long, with over one in four (27.4%) choosing their pets names for a password.
Over one in three (27%) use random letters, and three in ten (30.7%) use random characters to replace letters. The survey showed that Generation X were most likely to use a password generator whilst half of the baby boomers had never used a password generator.
With easy-to-guess passwords, it is not really surprising that 18% of people have had their online banking accounts compromised or hacked.
Having a strong password policy in place with difficult-to-guess passwords drives many to write their complicated password down on paper -- ruining its effectiveness.
Two-factor authentication and authenticator apps can go some way to helping users secure their online environments, but add online security and social engineering to trick you out of your password, and you can see how easy it is for your online accounts to be compromised.
Trying to stay vigilant to scams and protecting your passwords -- even with a password vault, can become a layer of complexity too hard to manage -- and if that happens, someone successfully guessing your password could be as easy as a walk in the park.