Given the rapid migration to the digital world as highlighted in our recent report, “The Quiet Revolution“, and in the light of the recent Heartbleed security problem, we publish today some research about how households in Australia manage their portfolio of passwords for online accounts.
To do this, we used our digital segmentation:
We ask a number of specific questions in out household survey, about their online accounts and passwords. How many accounts and passwords do people have?
Some Digital Natives have more than 50, whereas Digital Luddites tended to have fewer. In fact there is a clear trend in the data, the more connected you are, the more passwords you will have. Some Digital Natives had more than 140!
Next we looked at how frequently they changed passwords. Whilst a small proportion of Digital Natives changed them each week, many across all the segments only occasionally or never changed them. Again we see a trend, with more connected people tending to change their passwords more frequently.
Turning to the number of different passwords people use, we found that some were methodically using different password variants for each account. None of the Digital Natives used the same password everywhere, but a proportion of Digital Migrants and Luddites did.
We then asked whether people used a password manager to generate and store passwords. Digital Natives were most likely to use software to help manage their password portfolio.
Finally, we asked about whether people wrote their passwords down. Many of the Digital Luddites did not, but we found that a fair proportion of Digital Natives and Migrants did record their passwords. We were surprised to find a number of households stored their online passwords on their smart phone, not to facilitate access on the phone, but as an aide memoir.
So, we see that passwords have become a complex an important issue for the digital life. However, the truth is that many use the same passwords in multiple places, write them down somewhere, and do not change them frequently. If you ask providers of online services, they will tell you that you should not do this. There is therefore a gap between the expectation of service providers, and the realities of households. As the digital life gets more complex, access verification needs to evolve.