Two thirds of web users re-use the same passwords

I may never get tired of talking about password reuse (using the same password on different sites), but you may get tired of hearing me go on about this. So I will keep this post short.

Troy Hunt has done an excellent analysis of the passwords of the most recent Sony breach. There are lots of scary data in there, but I wish to highlight that two thirds of users whose data were in both the Sony data set and the Gawker breach earlier this year used the same password for each system.

If you use 1Password on the Mac, take a look at Mike’s tips on how to use 1Password to help identify duplicate passwords and get you strong, unique passwords for every site.

1Password for Windows users can identify passwords that may be identical simply by sorting their passwords by password strength.

To change an existing password for a site, you can’t do it entirely within 1Password; you need to go through the website’s password change mechanism. Take a look at our guide for changing passwords to see how 1Password can help you every step of the way.

[Edited 2011-06-09 to correct Troy Hunt's name and affiliation]

Other posts in this series

  1. More than just one password: Lessons from an epic hack (August 19, 2012)
  2. Password reuse strikes again, and a bit closer to home at Dropbox (July 31, 2012)
  3. Friends don't let friends reuse passwords (July 12, 2012)
  4. On password breaches and security processes (June 6, 2012)
  5. Two thirds of web users re-use the same passwords (June 7, 2011)
  6. Tips: How to Find Duplicate Passwords (April 29, 2011)
  7. When websites are breached, 1Password saves the day! (April 14, 2011)
  8. Security firm falls victim to password reuse (February 17, 2011)
  9. xkcd Hits Nail on Head (September 14, 2010)
