BitDepth#1506
Mark Lyndersay
AT THE heart of most cybersecurity problems is a compromised password. A password that was guessed. A password unknowingly shared with a hacker in a phishing operation. A password found in a data breach that was still active.
It doesn't matter how well something is locked down if the key can be easily found or replicated.
Passwords are a problem, not least because they are such a pain to think up, to remember and to change with any kind of non-mandated frequency.
Heepsy, an online service for tracking influencers for marketing, recently published its findings about password reset frequency.
Why would a user request a password reset? They might have forgotten the password. They might be concerned that a data breach might have left their account vulnerable. The user might also be in the midst of having their account hijacked through a phishing e-mail and a careless response might make the situation even worse.
Heepsy tallied the search requests by platform for the terms "password reset," "forgot password" and "recover account."
YouTube topped Heepsy's evaluation with 35,899 searches per 100,000 users and an estimated password reset frequency of 4.3 times per year.
The top ten line-up in this ranking of password resets runs the way you would expect. A platform with more users tends to have more password reset requests. YouTube with 3.9 billion active users and Facebook with 2.1 billion are ranked first and second, but you have to skip two placings, past Pinterest and X, to get to the third largest platform profiled.
Instagram has 1.6 billion users but just 5,894 search requests per 100,000 users and only 0.7 reset requests per year.
It's unlikely that Facebook has different levels of user security on Facebook and Instagram, so how and where the platform is used might play a role in understanding the wide variance in password vulnerability.
One key difference between Instagram and the other high-volume user platforms, YouTube and Facebook, is access.
Just two per cent of Instagram account holders visit the site on the desktop. It is overwhelmingly a mobile app platform.
The platform with the next largest user base, LinkedIn, with less than a quarter of Instagram's users at 386 million, logs 0.3 resets annually.
What's causing this epidemic of password resets and recovery?
Y'all keep using weak passwords. NordPass noted in its 2024 report on the weakest passwords being used that "123456" again topped the rankings with three million instances found in dark web data dumps. Following close behind was "123456789" with 1.6 million instances. People, we aren't even trying here.
Passwords are reused across multiple sites and apps by 85 per cent of users, increasing the ripple effect of hacks.
Weak or stolen passwords are responsible for 80 per cent of data breaches.
Password managers seemed like a good solution at one point. Allow the password manager to create truly gibberish passwords and have just one password that unlocks it.
You can pr