A study by the Computer Technology Industry Association (Comptia) found that 84 percent of the 900 organizations it surveyed blamed human error either wholly or in part for their last major security breach.
"For the individual user, password proliferation started when they logged on to a computer for the first time," said John Venator, president and CEO of Comptia. "Every website that can identify you as a customer has a password on file for you."
Among the culprits are users who have only one password they use for everything. The survey found that most of these instances could be traced back to poor password security.
It said only using one password for all computing activity at home and work posed a great security risk and the consequences of losing this password "could be disastrous."
Comptia recommended that computer users have different passwords for different uses. Complex passwords should be used for online banking and e-commerce, while simpler passwords could be used for low risk websites.
Passwords used for work should not resemble any of the other passwords, according to advice from the association. It also urged users to change all passwords every 90 days.