Date: 2020-07-05

Angela Lang / CNET



Most people don’t take the idea of changing their password after a data breach very seriously, a recent study says. Barely a third of users tend to change their password after a leak is announced, according to a study released earlier this month by the Carnegie Mellon University Institute for Security and Privacy (CyLab).

The researchers analyzed web traffic gathered through the university’s Safety Behavior Observatory (SBO), a group that users can sign up for to share their browsing history to aid academic research. Information was collected from 249 participants between January 2017 and December 2018.

Of these users, 63 had accounts on domains that publicly announced a leak during the data collection period. Of those 63 users, 21 changed their password on those sites. Additionally, only 15 of those users changed their password within three months of the leak announcement.

Because the SBO data included password information, the CyLab team also analyzed the complexity of the new passwords. The researchers found that of the 21 people who changed their password, only a third changed it to a more secure one. The others created a new password that was weaker than, or of similar strength to, the old one.

The use of more complex passwords has allegedly become increasingly critical, given the prevalence of data exposure. The researchers placed part of the blame on the hacked services, because “they hardly ever warn people that they must reset similar – or identical – passwords on other accounts.” People are encouraged to take action, such as using a password manager to keep track of their passwords and avoiding common words and character combinations.