About half of those responding to an online survey say their passwords are over five years old, mobile security company TeleSign has found.
TeleSign, which provides account security solutions that are based on users' mobile identities, commissioned Lawless Research to conduct the survey of about 2,000 adults. All of the respondents possessed a mobile phone and had at least one online account.
The study found that consumers rarely changed their passwords. Seventy-seven percent hadn't changed their passwords in a year or more, and 21% of respondents use passwords that are over 10 years old.
Duplicates
And that's just one of the shocking facts the survey discovered. In addition, 73% of respondents use duplicate passwords.
Of the consumers' average of 24 online accounts, each consumer uses just six unique passwords to protect them, leaving accounts vulnerable.
Personal experience
One of the main problems, according to TeleSign, is that although it has found that most consumers worry about online security, and 40% have been hacked, only 70% have changed their passwords in response.
Even fewer users have re-vamped their security by adopting more secure protection methods, like two-factor authentication (2FA).
"Most internet users now count being hacked as one of life's everyday concerns. Yet a disconnect remains between this increased fear and increased adoption of security techniques," the report says.
More help
Based on the research, TeleSign says that 72% of the consumers surveyed want more help securing accounts, and although some of them have heard of two-factor authentication, they don't know how to implement it.
Among the consumers who don't use 2FA, the study says 56% don't know what it is, 29% don't know how to turn it on, and another 29% say they don't think their online accounts offer it.
'Turn it on' website
In response to this disconnect, TeleSign has launched a guide to 2FA, tag-lined "Turn it On," where it provides instructions on how to activate 2FA on numerous major websites, such as Facebook, Apple, Bank of America, and so on. For example, it explains how to receive a verification code to a mobile device from some of the sites.
Banks
The website lists instructions for more than 100 websites, including those for social networks, backup and sync, email, and payments.
Amazingly, out of the 100 or so websites that TeleSign has listed on its "ultimate guide" as offering 2FA, only 11 are banks—and most of those are non-U.S.
Consumer knowledge
"The number one tip most experts give for increasing account security and stopping the fallout from data breaches is to turn on two-factor authentication," says Steve Jillings, CEO of TeleSign, in his company's press release.
"Yet our research shows that the majority of consumers don't know what two-factor authentication is," he says.