Password health is improving but reuse is still an issue
A new report from Dashlane finds that password health and hygiene have improved globally over the past year, reducing the risk of account takeover for consumers and businesses.
However, reuse is still widespread leaving user accounts particularly vulnerable to password-spraying attacks if they’re not protected by strong multi-factor authentication.
The report uses details of the password hygiene of Dashlane's more than 19 million users and 22,000 customer organizations worldwide, based on aggregated, anonymized data. Report findings are based on a Password Health Score, calculated using Dashlane's proprietary algorithm, which factors in the number of weak, reused/similar, and compromised passwords in each Dashlane user’s vault. Scores range from 20 to 100, with higher scores indicating greater health.
The average Password Health Score in this year's report is between 70.9 (North America) and 78.2 (Eastern Europe). This is an improvement on average of nearly two points over last year.
"It's encouraging to see that people are de-risking their digital lives by improving their password health across-the-board," says John Bennett, chief executive officer at Dashlane. "The incremental improvements we’re seeing can have an outsized impact on reducing risk for users and their employers, especially from opportunistic, wide-net attacks."
Each of the 14 regions included in the report has a share of 44 percent or more reused passwords, which puts all their accounts at higher risk. Regardless of whether or not a user's passwords are strong, a reused password can have a domino effect as if one account is compromised, they could all fall down, especially without MFA.
Dashlane suggests that the best way to improve things is to transition to Passkeys which are automatically available directly from the user’s device or password manager.
"The passkey is the most consequential security advancement in decades because it makes the easiest path the most secure for everyday users on a global scale," adds Bennett. "In security, it is rare to have an innovation that is more secure and easier to use. Passkeys give you both, not to mention the benefits they're going to have for businesses in terms of reducing risk and damage caused by breaches."
The full report is available from the Dashlane site.
Image credit: designer491/depositphotos.com