According to a Pew Research study, the vast majority of Americans keep track of their passwords using much more traditional methods – specifically, by memorizing them or by writing them down on a piece of paper.

When asked about different ways they might keep track of their online passwords, fully 86% of internet users report that they keep track of them in their heads. Indeed, 65% report that memorization is the method they rely on the most (or is the only method they use) to keep track of their passwords. Around half of online adults (49%) say they keep the passwords to at least some of their online accounts written down on a piece of paper – with 18% saying that this is the method they rely on most heavily. In total, just over eight-in-ten online adults (84%) say that they primarily keep track of their passwords by either memorizing them or writing them down.

Other approaches to password management are far less common. Roughly one-quarter (24%) of online adults keep track of their passwords in a digital note or document on one of their devices (6% say this is the approach they rely on most), while 18% say that they save them using the built-in password saving feature available in most modern browsers (with 2% saying they rely on this technique the most). Just 12% of online adults say that they ever use password management software to keep track of their passwords – and only 3% rely on this technique as their primary method for storing passwords, the study said. 

Within every major demographic group, a majority says that memorization is the password management technique they rely on the most – and the differences that do exist on this subject tend to be relatively modest. For instance, those under the age of 50 are more likely than those ages 50 and older to primarily memorize their online passwords (72% vs. 55%), while older users are more likely to say they primarily write their passwords down on a piece of paper (27% vs. 13%).  

In addition, said the study, the approach to managing password that is most recommended by security professionals – password management software – is used relatively rarely across a wide range of demographic groups. College graduates tend to rely more heavily on these programs than most, but even among this “high usage” group, only 17% use these programs at all – and just 7% indicate that they use them as the sole or primary method for managing their passwords.

Users’ personal experiences with data theft are not highly correlated with the steps they take to manage and track their online passwords. Among those who have experienced some type of personal data theft or breach, nearly two-thirds (63%) say that they primarily keep track of their passwords in their head. And although 15% of these users indicate that they use password management software for some of their passwords, just 4% say this is the technique they rely on the most.

Beyond using password management software, cybersecurity experts recommend a number of other “best practices” to users. These include not using the same passwords across multiple accounts, as well as refraining from sharing passwords with others. When asked about their own behaviors in this regard, a majority of online adults (57%) report that they vary their passwords across their online accounts. However, 39%, the study found, indicate that most of their passwords are the same or very similar to one another. In addition, a sizeable minority of online adults (41%) have shared the password to one of their online accounts with friends or family members.

Those under the age of 50 are especially likely to indicate that their online passwords are very similar to one another: 45% of internet users ages 18 to 49 say this, compared with 32% of those ages 50 and older. And younger adults are especially likely to share their passwords with others: 56% of 18- to 29-year-old internet users have done so.

According to the study, 30% of online adults worry about the overall security of their online passwords, while 25% sometimes use passwords that are less secure than they’d like because remembering more complex passwords is too difficult. For the most part, these behaviors are relatively consistent across different demographic groups.

In addition, 39% of internet users report that they simply find it challenging to keep up with all of the passwords to their various online accounts: 44% of online adults ages 30 to 64 say they have a hard time keeping track of their passwords, compared with 33% of those ages 18 to 29 and 30% of those 65 and older.

This 39% of the online population that has a hard time keeping track of passwords also expresses concerns about password management in other concrete ways. Compared with the 60% of online adults who do not express difficulties keeping up with their passwords, this “password challenged” group is more likely to:

• Use the same or similar passwords across many different sites (45% vs. 36%)
• Worry about the security of their passwords (44% vs. 22%)
• Use simple passwords rather than complex ones (41% vs. 14%)

These “password challenged” individuals are also more likely to keep track of their passwords by writing them down on a piece of paper (56% vs. 44%), saving them in a digital note (31% vs. 20%), or by saving them in their internet browser (25% vs. 13%).

As smartphones have become increasingly prevalent – and as users engage in a wide range of sensitive behaviors on their phones – these devices have become the latest front in the battle over digital security. In general, smartphones can be compromised in two ways. The first is by gaining possession of the physical phone itself, and security experts recommend the use of a screen lock feature to prevent someone from accessing the contents of a smartphone that falls into the wrong hands. When smartphone owners were asked if they use some form of screen lock on their phones, around one-quarter (28%) reported that they do not.

Those smartphone owners who do utilize a screen lock take a wide range of approaches, with numeric PIN codes (used by 25% of smartphone owners) and thumbprint scanners (23%) being the most common. A smaller share uses passwords containing letters, numbers, or symbols (9%), or a connecting pattern of dots (9%).

According to the study, a large share of smartphone owners ages 65 and older (39%) say their devices do not have a lock screen, but it is not uncommon for younger smartphone owners to skip this security step either. Some 28% of smartphone owners ages 18 to 29, 24% of those ages 30 to 49, and 30% of those ages 50 to 64 indicate that their phones do not have any type of screen lock.

Those with lower levels of educational attainment are also relatively likely to forego using a screen lock on their smartphones. Some 80% of smartphone owners with college degrees indicate that they use a screen lock on their phones, but that share falls to 66% among those who have high school diplomas or less.

Overall, the survey findings indicate that many smartphone owners are slow to update their phones and the apps that come with them – and that in some cases, users are skipping these steps entirely. When it comes to the apps on their mobile devices, around half of smartphone owners indicate that they set them to update automatically (32%) or that they update them manually as soon as a new version is available (16%). However, a comparable share reports that they only update their apps when it happens to be convenient for them (38%) or that they never update the apps on their phones (10%).

Smartphone owners are similarly divided when it comes to updating the actual operating system on their devices. Some 42% of smartphone owners say that they typically update their operating system as soon as a new version is available, but more than half say that they only update their operating system when it is convenient (42%) or that they never update their phones (14%).

As was the case with screen locks, older smartphone owners tend to update their phones much less consistently than younger users. Some 21% of smartphone owners ages 65 and older say they never update their smartphone apps, while 23% say they never update their operating system. By contrast, just 6% of 18- to 29-year-old smartphone owners never update their apps – indeed, 48% of younger users say they set them to update automatically as they are available – and 13% of these younger users never update their operating system.

Anti-virus software is commonplace on desktop and laptop computers, and the same type of software can be installed on smartphones: 32% of smartphone owners report installing some sort of anti-virus software on their devices.

Along with users’ passwords and the physical devices they carry, the networks their devices are connected to offer an additional avenue for potential cyberattacks. Public Wi-Fi networks (such as those in cafes, libraries or other public spaces) are an especially common target for hackers. The mechanics behind these attacks vary, and not all public networks are inherently insecure. But in general, security experts recommend that users refrain from performing sensitive activities (such as banking or financial transactions) on public or otherwise unfamiliar Wi-Fi networks.

When asked about their use of public Wi-Fi networks, just more than half of internet users (54%) report that they do access Wi-Fi networks in public places. Younger adults are especially likely to do this: 69% of internet users ages 18 to 29 use public Wi-Fi, compared with 54% of those ages 30 to 49, 51% of those ages 50 to 64 and 33% of those 65 and older.

And when asked about some online activities they might engage in while connected to public Wi-Fi networks, most of these users indicate that they have gone online to access their social media accounts (66% of public Wi-Fi users have done this) or to check email (71%). However, around one-in-five of these users have used public Wi-Fi for more sensitive transactions such as online shopping (21%) or banking or other financial transactions (20%).

http://www.pewinternet.org/2017/01/26/2-password-management-and-mobile-security/