- On average, Google Chrome users reported having seven compromised passwords and 10 weak passwords.
- Google Chrome users who used the browser's autosave feature to store passwords had 11% more of their passwords compromised and 24% more weak passwords than average.
- More than one in 10 Google Chrome users have been impacted by a security breach, reporting an average monetary loss of $331 per person.
- Gen Zers were the most likely to change their password in response to a Google Chrome security warning but also the most likely to ignore the warning.
Account insecurity in America
Password security alerts notify users when their passwords and accounts are at risk and possibly accessible to attackers. This situation often happens due to a data breach. Since account security is one of the most critical issues for anyone doing business online, we wanted to find out how it's impacting users of the most popular internet browser, Google Chrome. We asked more than 1,000 Americans of all generations how often they receive password security alerts, how it makes them feel, and what—if anything—they're doing to protect their data after a breach.
Problems with passwords
We first looked into how strong people's passwords were and what factors might contribute to their vulnerability.
No matter how "weak" Google judged respondents' passwords to be, they all seemed equally vulnerable. While baby boomers had the weakest passwords of any generation surveyed, theirs were only about half as likely to be compromised as those of younger generations. Meanwhile, millennials had the lowest number of weak passwords yet the highest number of compromised ones. Remote workers were also more likely than on-site workers to have used weak passwords, but were even less likely to have had their passwords compromised.
We also found that users who opted to autosave their passwords were considered by Google to be more at-risk, since they tended to use weaker passwords than those who did not autosave. Considering that more than 42% of respondents rely on this feature, could this be why more than 10% of Google Chrome users reported security breaches, costing the average user over $300?
Cryptocurrency investors turned out to be the most password-savvy. Crypto users often use cold wallets with extremely long and complex passwords to safely store their crypto funds, which could be why they're more cautious with their passwords. And with the world of crypto being so complex, those involved are likely more technically-minded than the average person. So, perhaps it's no surprise that these investors were 52% less likely to have weak passwords than the rest of our respondents.
The emotional impact of security alerts
Security warnings from your browser about potentially compromised accounts can cause strong emotions, especially when finances or sensitive information is at risk. Most reactions were unpleasant, while others were more surprising.
The research showed that younger users were much more likely to have received security alerts than older generations. Gen Zers, who tend to have more online accounts for shopping and spending digitally than other generations, received the most. Baby boomers received the least, but the difference in emotional reactions showed that even though younger generations received the most alerts, they didn't necessarily take them the most seriously. Perhaps these digital natives who freely share their data online at a higher rate than others are more desensitized to the dangers.
While the most common emotional responses were worry and confusion, baby boomers were more worried than the average American, while Gen Zers were more annoyed.
- Baby boomers reported feeling the least confusion (34%).
- Gen X was the least panicked generation (35%).
- Millennials were the most surprised (38%).
- Gen Z was the most amused (32%).
The majority of Americans found value in these warnings, since 66% said having their account security monitored made them feel secure. Despite more than one-third of Americans experiencing panic and worry because of these alerts, only 13% didn't feel safer.
Reactions to warnings
Once users processed their emotions, most took action. But some, usually younger users, chose not to heed the warnings to change their passwords. Let's find out what people did in response to account security alerts.
On average, 58% of Americans changed their passwords right away. However, the generations that reported the highest numbers of immediate change, Gen X and Gen Z, were also the most likely to do nothing. Millennials and baby boomers were less likely to change their password after being warned, but they were more likely to get around to it eventually.
Among those who didn't make a change, the most cited reason was simply not caring enough to do so. For most respondents, learning that their account might be compromised was enough to get them to change their password. And as it turns out, taking this survey helped as well: More than two-thirds plan to change their passwords as a result of participation.
Passwords are problems, not answers
Passwords are a significant factor in protecting online accounts. Google Chrome's autosave feature might make things easier for users, but it also might make things easier for hackers if the saved passwords aren't strong enough. While younger Americans seemed more apathetic about keeping their accounts secure, account security is a serious issue. The majority chose to respond to security alerts by changing their password, but is it enough?
For this study, we surveyed 1,035 Americans. Generationally, 7.8% of respondents were baby boomers, 22.7% were Gen Xers, 53% were millennials, and 16.5% were Gen Zers. Survey data has some limitations due to self-reporting. These limitations include telescoping, exaggeration, and selective memory.
About Beyond Identity
Beyond Identity is the leader in passwordless technology that provides phishing-resistant MFA. Their revolutionary zero-trust approach analyzes hundreds of risk signals to help protect users and companies and successfully authenticate identity in a safe and efficient way, all in their passwordless MFA platform.
Fair use statement
If you enjoyed our study on reactions to password alerts, please feel free to share it for noncommercial use. Just be sure to link back to the original page so our research team can receive credit for their work.