Lax password habits leave European users open to online fraud

(12/10/2007)

According to McAfee Inc., nearly one in five British PC users are at risk from online fraud or identity theft due to poor password habits. The research reveals almost a fifth (16%) always use the same password to access their online accounts and almost half (41%) never change their password, increasing the risk of giving away their complete identity should that password be hacked or stolen.

The independent survey of 3,500 European PC users also uncovers the fact that expert advice to use longer, more complex passwords is falling on deaf ears. Over a fifth (22%) of Brits are still using passwords of only one-to-six characters in length and 18% use only letters.

When it comes to using the same password when we go online, British and German PC users have the safest habits in Europe with only 16% using the same password for everything. Spanish (37%) and French (39%) PC users were the worst offenders using the same password for everything.

But when it comes to changing their password, 41% of Brits never change their passwords, 16% change it once a year and just 11% change their password the recommended three times per year. The worst culprits for never changing their passwords were the Spanish (55%) followed by the French (51%).

It’s not entirely surprising that users are resorting to just one password for everything, as Britain’s PC users are signing up to more online sites than ever before. People are signing up to more and more online accounts and as result more of us are leaving our ‘digital DNA’ online – 50% of Brits said they registered their details online at least once every day – the highest in Europe. And 16% of Brits said they needed a password between 10-30 times every day.

"The sheer number of passwords needed means many people are resorting to using few and obvious passwords. We want to help people understand the consequences of this behaviour,” said Greg Day, Security Analyst, McAfee.

Despite advice to the contrary, the study shows that almost one in five (18%) Brits use simple letter only passwords. But one third of French (37%) PC owners used letter only passwords – the worst in Europe.

The Germans had the most secure passwords in Europe with 34% claiming to use a combination of letters of upper and lower case and numeric characters.

The most popular password across Europe was a pet’s name, followed by a hobby and then Mother’s maiden name. This is unsurprising but worrying in the light of social networking sites, such as Facebook and MySpace, which openly hold much of this information.

Britain’s Top Ten most popular passwords:
1. Pet’s name
2. Mother’s maiden name
3. Hobby
4. Favourite holiday destination
5. Favourite football team

Britain was the only country in which favourite football team made it into the top 5 most popular passwords.

The survey also studied people’s attitudes towards security on their mobile phones and found that only one third (31%) of British mobile phone users had activated their pin code protection – the lowest in Europe by a staggering 50%. Of those that do have a pin code, almost two thirds (62%) of Brits never change it.

“As more of us are using mobile phones we need to be aware of the need to protect them. Everyone is well aware that if your phone gets stolen, thieves can make expensive calls and by cancelling your SIM card this problem is easily solved. Yet, what most people don’t think about is the information that they have stored on their phone, such as online passwords or personal data – leaving this information unprotected means you are putting your online identity at risk.” said Jan Volzke, Head of Marketing, Mobile Security, McAfee Inc.

Mathew Bevan, the high-profile, ex-hacker, said: “The results of this study are incredibly worrying, as it proves just how slack people are. People that use one simple password that is easy to guess are just making cyber criminals’ lives easy. It’s like leaving your car keys in the ignition. People wouldn’t be so blasé with security in the real world i.e. home or vehicle security and, although people are probably aware of the threats, they simply aren’t taking online security seriously enough.”

The study concludes that consumers need to be more vigilant not only on a PC but also on mobile devices, to protect the ‘key’ to their ID and prevent them from becoming victims of digital ID theft.

Related topics:  Authentication and identity management   Hacking and intrusion prevention   Internet and Web security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources