Ananya Bhattacharya | Quartz | January 26, 2017 | 0 Comments

Not Even Being Hacked Can Get Americans to Change Their Crappy Passwords


Between hacking, phishing and the internet of things, cyberattacks are a growing threat—and most Americans seem to know that. They just can’t be bothered to do anything about it.

According to a survey of 1,040 U.S. adults by the Pew Research Center, a majority of Americans have experienced some sort of data breach, with credit card fraud being the most common. More than a third have had sensitive information—financial, health, or other personal data—compromised, and 15 percent have had their Social Security number compromised.

Americans are also feeling the anxiety caused by a slew of massive hacks and cyberattacks. Distributed denial-of-service attacks, like the one that temporarily took down Twitter and Spotify in October, grew 30-fold between 2011 and 2014. Pew’s survey found nearly half of Americans believe their personal information is less secure now than it was five years ago.

Americans don’t put much stock in the public or private sector’s capacity to prevent hacks, either. Some 28 percent expressed a lack of confidence in the federal government’s ability to keep their personal information safe; 24 percent said the same about social media; 15 percent about credit card companies, cell service providers and companies they do business with; and 13 percent about cellphone manufacturers and email providers.

And yet, a majority of Americans continue to engage in digital practices that make it easier for hackers to gain access to their info. More than half use (insecure) public Wi-Fi networks on their phones. Forty-one percent share online passwords with friends and family members, 39 percent use similar passwords across multiple accounts, and 25 perecent use simple easy-to-guess passwords.

“[Sixty-nine percent] of online adults say they do not worry about how secure their online passwords are—more than double the share (30 percent) that admits to having worries about their personal password security,” Pew found. (One bright spot: More than half of online adults said they use two-step authentication on at least some of their online accounts.)

Pew’s survey backs up other findings on Americans’ cybersecurity habits. A data-dump of user passwords from music-streaming platform found “123456” and “password” are still among the commonly used.

While the administration being ushered in President Donald Trump has yet to outline plans for dealing with cybersecurity, there have been some worrying signs. Trump has allegedly refused to give up his own personal (non-secure) Android phone, and the head of Trump’s cybersecurity group—former New York City Mayor Rudy Giuliani—has a company website laden with security pitfalls. Trump’s cabinet has also emphasized the threat of terrorism far more than threats perpetrated by “cyber superpowers” like Russia and China.

“Fully 70 percent of Americans expect that the United States will definitely (18 percent) or probably (51percent) experience a significant cyberattack on its public infrastructure (such as air traffic control systems or power grids),” Pew found. Similar proportions of the public shared concern about breaches in the banking and financial sectors.

So Americans are worried… just not enough to protect themselves. Maybe Trump—a devoted adherent of printouts, PDFs and courier service—has it right after all.


Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.