According to International Business Times, a new study finds more than 80% of Americans reuse their passwords, and many others continue to use inadequate security practices when it comes to the passwords they use to protect their accounts.

The security provider SecureAuth and research firm  Wakefield Research found that not only do people use the same password more than once, they also use the same login credentials for at least 25 percent of their accounts.

While most millennials are more tech savvy and open to new and more secure forms of authentication like biometrics, their password practices are worse than the general population. A whopping 92% of millennials admitted they reuse passwords, compared to 81% of Americans overall.

Even more troubling, more than one in three people – 36% – reported they use the same password for 25 percent or more of their online accounts.

Despite the rampant reuse of passwords – a major security weakness – most Americans are very concerned about the possibility of their account information being stolen. 69% said they were more worried about their online information being stolen than their wallet.

Many Americans have already experienced such a breach of an online account. 35% of people surveyed said they have had an online account hacked – including 50% of millennials.

Of those people who have fallen victim of a hack, 91% reported the account breach carried severe repercussions for them. The biggest issue for those who have been hacked include spam messages (42%), account lockouts and money stolen (38%) or an unauthorized purchase being made from their account (28%).

About one in five people—19%—who had an account hacked reported having personal information stolen, including Social Security numbers, date of birth, photos, tax records and other sensitive personal files.

Despite identity-based detection techniques such as geo-location, device recognition, and phone number fraud prevention, the practice of reusing passwords puts users at increased risk in the case of a data breach. Once passwords are stolen from one site or service—an occurrence that happens regularly—a malicious actor could use that same password to gain access to another account belonging to the same user.

Given the number of massive database breaches, including those from sites like LinkedIn or Yahoo that included millions of users, it is relatively easy for an attacker to cross reference an account and use the stolen credentials to attempt to break into another account.

Additional security protocols like using two-factor or multifactor authentication or using a password manager to generate more secure, unique passwords can provide some additional protection from these types of attacks.

Don’t think for a moment that this survey is only relevant to Americans, in an article recently tweeted by Stellenbosch University’s Information Technology, South Africa has the third highest number of cybercrime victims worldwide and lose in excess of R2.2bn to internet fraud and phishing attacks annually. South Africans are just as bad as the Americans with their poor password practices!