Pandemic prompts digital ‘boom’ in account creation - as well as password fatigue

Lockdown forced many of us online and this hasn't helped our security postures.

The COVID-19 pandemic has become a catalyst for a "boom" in the growth of online account ownership -- but has potentially also undermined consumer security.  

COVID-19 has caused severe economic and societal disruption, not to mention the impact on both our physical and mental health. 

Lockdowns, shielding, and stay-at-home orders imposed worldwide forced many of us to turn to online sources for everything from our groceries to banking and entertainment, and this led to what IBM calls a "digital reliance" and the need to create more online accounts than ever before. 

In a new global study of 22,000 participants, conducted by Morning Consult for IBM, the technology vendor examined the impact of the pandemic on consumer security behaviors. 

The results are in, and they aren't good. 

With so much else going on, little thought seems to have been given for personal security. As we signed up for account after account -- with 15 new online accounts created during the main thrust of the pandemic, on average, per person -- 82% of those surveyed admitted sometimes reusing the same passwords and credentials. 

screenshot-2021-06-14-at-14-00-06.png

In total, 44% of respondents simply remembered their passwords, whilst 32% jotted their credentials down on pen and paper. 18% of those surveyed said they make use of a password manager, and a further 18% store passwords in the cloud -- such as through Notes or Google Docs. 

Billions of new accounts, therefore, are now active across the Internet worldwide -- and 44% of respondents said they do not plan to deactivate these new accounts, a trend IBM says will give consumers "an increased digital footprint for years to come, greatly expanding the attack surface for cybercriminals."

In addition, the report found that convenience often outweighs security concerns, perhaps due to how often we hear of data breaches and the knowledge that so much of our Personally identifiable information (PII) is already widely available. 

Over 51% of the millennial age group, for example, would have rathered risk using an insecure app or website rather than visit a physical store or make a phone call when ordering products and services.  

screenshot-2021-06-14-at-13-56-22.png

Think about a time when you're trying to place an order online and it is most convenient to order online. Which of the following
statements do you agree with more, even if neither perfectly applies to you?

IBM

Many online services now require strong passwords and a relatively high level of complexity when users sign up. However, passwords themselves are now not enough for popular platforms and the moment they are leaked, they can be used in tailored phishing campaigns and social engineering attempts -- as well as for direct account hijacking. 

It is recommended that you consider using a password manager that can generate strong passwords on your behalf, monitor for data leaks that have exposed them online, and for further security, enable two-factor authentication (2FA) or consider a physical key, such as Yubikey, for an additional layer of protection. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0