Today we released findings from our 2012 Online Registration and Password study conducted by Harris Interactive®. When asked, “how many unique passwords do you have?” the average was 7.9, which while higher than this landmark study from 2007 that showed 6.5, is probably still lower than the number of sites for which the average consumer maintains a username/password combination. Interestingly, almost 2 in 5 consumers think it would be easier to solve world peace than remember all their passwords and a similar percentage would rather clean the toilet than create yet another username and password combination.
Most of you reading this probably can relate to these consumers and probably agree with them to a fairly high degree. Having to create a new username/password combination – with a strong password, no less – is a pain. And while three quarters of people reported they always try to create strong passwords, nearly 40% report having to ask for assistance at least once a month due to a forgotten password. This is a cost carried by the websites – brands have to answer each of these requests.
I personally don’t believe that 75% of people always create strong passwords either; I think there is some survey bias here, similar to when you ask people if they are better than average drivers. No one wants to admit they don’t follow good practice advice, but the data coming out of every single reported breach indicates that they don’t. Check out the infographic from Rapid7 with their analysis of the most popular passwords cracked in a recent breach. I thought I had read that “password” was the number one choice, but according to Rapid7, it was “link.” Hard to argue that strong password rules are being followed when you see that!
The risk here is that it is getting easier and easier for crackers to figure out your password – if you doubt this statement, read this article. But there is a solution…
These stats are one of the main reasons I am so passionate about Janrain’s business. By deploying social login, our clients are able to cut costs (no more having to answer lost/forgotten password calls as the responsibility of protecting passwords shifts to the Identity Providers like Facebook or Google), increase consumer acquisition (86% of consumers report having left a site when asked to register), and most importantly, have the ability to create more compelling and relevant experiences for their online visitors.
How many unique passwords do YOU have, and can all of them be considered “strong?”