Who’s making a list and checking your passwords twice? Hackers.

December 17th, 2019 | security and compliance, product & technology

It’s the holiday shopping season, and numbers are on everyone’s mind. Usually, it’s more along the lines of, “what’s my gift budget?” rather than thoughts of getting hacked, but you might want to pause for a second before you reuse that same username and password when you buy Grandpa his yearly 12-pack of socks.

This Black Friday and Cyber Monday, hundreds of millions of shoppers logged into websites - and according to the National Retail Foundation, “124 million people shopped in stores while 142.2 million shopped on retailers’ websites.” Ok, we get it, lots of people create shopping accounts.

Now, when you figure that 52% of users are reusing their passwords (and you don’t have to take my word for it — Microsoft’s recent study found a whopping 44 billion users reused their passwords in the first 3 months of 2019) that’s a cool 73.9 million people at risk for a breach.

Then, let’s consider that 81% of breaches are due to password reuse (again, don’t take my word for it, this one’s been true since 2017).

Okay, so again, here’s what we’re working with:

  • This Black Friday weekend, 142.2 million people shopped on a website.
  • 52% of users are reusing their passwords. Probably more, honestly.
  • 80% of breaches are due to password reuse.


Looking at this information all at once, I feel pretty comfortable saying that 73.9 million people are about to get hacked.

So what’s a good internet security citizen to do?

First, just go ahead and admit you have a problem. Don’t feel bad, so do your parents, most of your friends, neighbors, and almost certainly Grandpa. The next step is getting a sense of how bad the problem actually is.

Second step: Install Shield by OneLogin. It’s a browser extension that identifies each website where you are reusing passwords. All the information it stores stays local within your browser, is securely hashed, and never tracked anywhere — and only your computer has the list of which sites have reused passwords.

Information is power

Once you know where you are reusing passwords (and Shield is creating a list for you to… you know… check twice) then you can utilize a tool like OneLogin to manage or even create stronger, unique passwords for each site. If you’re already using OneLogin for work, you might not realize that it also functions as a password manager, by letting you register personal apps and generate passwords for them. Let it help you!

Don’t get caught on the naughty/pwned list

Shield even gives you a warning if you’re using a weak password like Password123 (Grandpa, we’re looking at you). Once you have total awareness of the size of your problem, all it takes is an evening or two watching holiday movies and updating your passwords to protect yourself. I highly recommend A Charlie Brown Christmas. Then, do your parents/grandparents/friends a favor and show them how it’s done, too.

Happy secure holiday shopping!

About the Author

Kayla is a product manager at OneLogin with a passion for balancing user experience and strong security practices. With 10+ years of experience in Silicon Valley, ranging from small startups to corporate giants like Walmart.com, Kayla loves to champion data, customer feedback, and advocacy.

View all posts by Kayla Gesek
