Time Magazine recently published a list of the 25 Worst Passwords of 2012, as collected by SplashData. All in all, there really shouldn’t be any surprises for anyone who even remotely follows news on hacks, breaches or security. All of the time-honored favorites are here – password, 123456, qwerty, welcome, letmein, abc123 and 19 others you could easily guess in very little time.
People are definitely suffering from password fatigue – our own research shows that the average person has 7.9 unique username/password combinations (which is higher than the 6.5 average that often gets cited based on a 2007 study but still far fewer than the number of sites that require registration). More worrisome is that almost 2 in 5 people think it would be easier to solve world peace than remember all their passwords!
To overcome password fatigue, people re-use their existing passwords – ones as easy to guess as welcome – whenever they create new accounts across the web. This means if you offer the ability to login, register or sign-in on your website, your accounts are vulnerable even if you are spending huge amounts of money to protect your data. You see, all the hackers need to do is re-use usernames (often an email address) and hacked passwords from other sites to access yours. But don’t just take my word for it – read this frightening article to get a different perspective if you doubt our data.
There are a number of ways to protect your data from the effects of password fatigue, but many of them turn off consumers who don’t want to fill out long registration forms or create hard-to-remember strong passwords. That’s why I’m such a strong advocate for social login – the ability for your site visitors to use an existing identity from Facebook, Google, Twitter, etc. to register on your site.
Social login as a means to register gives people an easier way to set up an account with your site, eliminates forms and passwords, and can actually increase your conversion rates. At the end of the day, shifting the burden of protecting identity to the big guys with the best technology, takes a big headache off your IT Team’s plate. If you don’t already offer this, what’s holding you back?