• United States

Study: Half of passwords are over five years old

News Analysis
Jun 09, 20153 mins

Consumers still aren't changing their passwords, a new report has found.

About half of those responding to an online survey say their passwords are over five years old.
Credit: Thinkstock

About half of those responding to an online survey say their passwords are over five years old, mobile security company TeleSign has found.

TeleSign, which provides account security solutions that are based on users’ mobile identities, commissioned Lawless Research to conduct the survey of about 2,000 adults. All of the respondents possessed a mobile phone and had at least one online account.

The study found that consumers rarely changed their passwords. Seventy-seven percent hadn’t changed their passwords in a year or more, and 21% of respondents use passwords that are over 10 years old.


And that’s just one of the shocking facts the survey discovered. In addition, 73% of respondents use duplicate passwords.

Of the consumers’ average of 24 online accounts, each consumer uses just six unique passwords to protect them, leaving accounts vulnerable.

Personal experience

One of the main problems, according to TeleSign, is that although it has found that most consumers worry about online security, and 40% have been hacked, only 70% have changed their passwords in response.

Even fewer users have re-vamped their security by adopting more secure protection methods, like two-factor authentication (2FA).

“Most internet users now count being hacked as one of life’s everyday concerns. Yet a disconnect remains between this increased fear and increased adoption of security techniques,” the report says.

More help

Based on the research, TeleSign says that 72% of the consumers surveyed want more help securing accounts, and although some of them have heard of two-factor authentication, they don’t know how to implement it.

Among the consumers who don’t use 2FA, the study says 56% don’t know what it is, 29% don’t know how to turn it on, and another 29% say they don’t think their online accounts offer it.

‘Turn it on’ website

In response to this disconnect, TeleSign has launched a guide to 2FA, tag-lined “Turn it On,” where it provides instructions on how to activate 2FA on numerous major websites, such as Facebook, Apple, Bank of America, and so on. For example, it explains how to receive a verification code to a mobile device from some of the sites.  


The website lists instructions for more than 100 websites, including those for social networks, backup and sync, email, and payments.

Amazingly, out of the 100 or so websites that TeleSign has listed on its “ultimate guide” as offering 2FA, only 11 are banks—and most of those are non-U.S.

Consumer knowledge

“The number one tip most experts give for increasing account security and stopping the fallout from data breaches is to turn on two-factor authentication,” says Steve Jillings, CEO of TeleSign, in his company’s press release.

“Yet our research shows that the majority of consumers don’t know what two-factor authentication is,” he says.


Patrick Nelson was editor and publisher of the music industry trade publication Producer Report and has written for a number of technology blogs. Nelson wrote the cult-classic novel Sprawlism.

The opinions expressed in this blog are those of Patrick Nelson and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.