One in three Kiwis still use same password for everything, despite knowing how dangerous that is - study

Take an hour, maximum, this summer to update your passwords and create a passkey.
Photo credit: Getty Images

Recent research has found 34 percent of New Zealanders use the same exact password for all online accounts, despite 31 percent of us saying we are aware at least one of our passwords has been compromised or hacked.

The study, conducted on behalf of Google New Zealand, found that thankfully the number of Kiwis saying they always use a different password for every account online is trending up - it sits at 36 percent in 2023, an increase from 31 percent in 2021.

In recent years, two-step authentication and password manager software have made improving our online security considerably easier; but despite the prevalence of information on how damaging cybercriminals are to everyday Kiwis, it's concerning how many still aren't taking the free, easy steps to make themselves safer.

The research found the number one reason New Zealanders cited for not taking deliberate steps to protect themselves online is not knowing what steps they could take or where to start (36 percent).

There are free password managers such as Norton Password Manager and Bitwarden that mean you can have a different password for every account you use and not have to remember them - you only need to remember the one password for the manager app.

To go through each of your accounts, change its password and load that password into a password manager may seem like a daunting task, but it should take less than an hour and could save you thousands of dollars and enormous amounts of stress.

"Perhaps the opportunity of some days off over summer offers a nice time to go and reset your passwords," Darren Bilby told Newshub.

Bilby is a New Zealand cybersecurity expert who runs Enterprise Infrastructure Protection at Google. After years of helping the US tech giant keep itself cyber-secure, he's helping roll the safety tools out to the general public and knows all too well what can happen when someone's passwords are compromised.

"I guess the most difficult thing that can happen is that you lose access to your online life. That means all your personal photos stored online, your access to email, your banking details. It of course can mean a loss of money, but it also can mean blackmail and other scary things when your personal photos and information is stolen," he said.

The best password is... no password?

Using a secure web browser, cycling your passwords and making use of a password manager as well as two-step authentication are great ways to improve cybersecurity, but eliminating the need to use passwords is what Google, Apple, Microsoft and Samsung say is the best way for internet users to stay safe.

That is achieved by using a 'passkey' instead of a password, which is generally the same method of unlocking your phone or computer - by either fingerprint, facial recognition, pattern or PIN.

The big tech companies say passkeys are safer and more convenient than passwords, and they're willing to work together on making the technology free for users.

"There is a recognition of, 'hey, we all actually need everyone to be safe online for this whole thing to work, right?'" said Bilby.

"So, there's not a competition, as such, in this security space - it's more everyone working together. Google started a lot of this and initiated a lot of the technology, but Apple, Microsoft and others have been running with it."

The recent Google research found that after being informed about how passkey technology works, close to two-thirds of those surveyed said they are likely to use it to sign into their main online accounts instead of traditional passwords.

Many already will have, seeing as Google made it the default option in October.

"On Google sites, if you're using a device that will support passkeys, it'll offer you the option of using a passkey instead of a password," said Bilby.

"From then on you no longer need your password to log into Google on that site, and then it's the same for other websites. So, for eBay or Air New Zealand, they will start offering the use of a passkey instead of a password. If you say yes, it adds the passkey and that device will now work no matter where you take it, then you can enrol other devices too."

If you haven't yet set up a passkey, it would be a good idea to do so this summer, especially if you're already setting aside an hour - probably less - to finally go through and change your passwords.