Nearly half of Americans still reuse passwords despite phishing risks
Nearly half of Americans admit to reusing passwords across accounts, even as phishing attacks continue to rise. A new survey by Yubico and Talker Research shows that while many people feel confident in their ability to stay secure online, their actual habits reveal a different story.
The study asked consumers in 10 major US metro areas about their digital security practices. Forty eight percent said they use the same password for multiple accounts, a behavior that leaves them exposed if one login is compromised.
SEE ALSO: Analysis of breached passwords shows almost all are weak
At the same time, 62 percent said they feel confident spotting phishing scams, yet 39 percent reported experiencing a cybersecurity incident in the past year.
This tension between confidence and reality is at the heart of the survey results. While people understand that online threats exist, many still lean on practices that security experts have long warned against.
Reusing passwords remains a leading vulnerability, especially as phishing attacks become harder to detect with the use of AI-generated messages.
The survey also shows wide variation in how different cities approach security. In New York, 61 percent of respondents said they have started using passkeys, while nearly half also admit to reusing passwords. In Los Angeles, 19 percent said they only change passwords when forced to by a breach or prompt.
Seattle and San Francisco, both tech-heavy regions, lead in the use of multi-factor authentication, at 70 percent and 67 percent respectively. San Francisco also reported strong passkey adoption at 64 percent.
Denver, on the other hand, lags further behind, with 50 percent of respondents from there admitting to password reuse and 11 percent saying they rely solely on basic passwords.
Chicago and Atlanta illustrate another divide. In Chicago, 22 percent believe that simply creating strong, unique passwords is the best approach. In Atlanta, stronger adoption of multi-factor authentication stands out, with 62 percent enabling it whenever possible.
Pet names as passwords
In Texas, the survey uncovered a surprisingly common, and worrying habit -- 13 percent of respondents nationwide still use their pet’s name as a password. Houston and Dallas-Fort Worth residents appear among those most likely to lean on this familiar but weak method.
42 percent of people living and working in Washington D.C. said their financial accounts being hacked was their biggest concern. Respondents in the city also showed relatively high adoption of passkeys at 62 percent, nearly identical to New York’s 61 percent.
Americans are clearly making uneven progress towards stronger digital habits. While awareness of cybersecurity threats has grown, old habits like password reuse and reliance on weak credentials persist.
Multi-factor authentication has gained traction, with 64 percent of respondents saying they enable it when available, although many still rely on receiving authentication codes via text, which is less secure than newer methods.
What do you think about Americans’ approach to online security? Let us know in the comments.