|
The
British are blasé about keeping
sensitive personal data confidential.
More than 60 per cent of 100 people
approached in the street by researchers
were happy to give clues about the type
of password they used (such as date
of birth or family names) on online
banking or ecommerce sites. Combine
this with other information, obtained
through various social engineering tricks,
and it is fairly easy to piece together
a potential victim's online identity.
The poll by Winmark Research, on behalf
of RSA Security, found that two- thirds
of consumers used the same password
to access different types of websites
- from email to bank accounts. One third
even admitted to sharing passwords with
friends and family, massively increasing
the risk of fraud.
Security? That's someone else's
problem, isn't it?
Despite a lax approach to personal security,
consumers would be inclined to blame
websites if anyone misused the information
they are so careless about protecting.
This could lead to a backlash against
online businesses, RSASecurity
warns. More than half (57 per cent)
of consumers quizzed in the survey believe
that the responsibility for protecting
their online identities and personal
information is the role of the large
companies running the websites.
Tony Neate, of the National Hi-Tech
Crime Unit, said: "Access to online
identities through personal information
and passwords is the new easy target.
The British economy loses millions of
pounds a year as a result of identity
fraud - this can only increase if people
do not become more aware of their responsibilities
to protect their virtual identities."
Tim Pickard, a marketing director at
RSA Security, said he was "amazed at
the level of ignorance from consumers
on the need to protect their online
identity. "Every day we hear examples
of physical identities being stolen,
from credit and debit card slips thrown
in the bin, or activities such as credit
card skimming.
However, there seems to be a huge disparity
between the perceived risk of physical
and online identity theft. Consumers
need to be more aware that their willingness
to hand over personal information to
strangers is actually a greater threat
- ultimately it could lead to their
identities being stolen online."
According to Pickard, it is unrealistic
to expect people to remember
multiple passwords (typically 20, according
to the survey) and keep them secure.
Instead the industry needed to move
to a federated ID system based on stronger
security, which he compared to the system
used by banks to allow users to log
into cash machines from different banks
using the same PIN number and bank card.
Office workers also clueless
about password security
A separate study, also out today, from
the organisers of next week's InfoSec
conference in London, reveals that office
workers are as lax about protecting
sensitive passwords as consumers.
A survey of 172 office workers at Liverpool
Street Station found that 71 per cent
were willing to part with their password
for a Marks & Spencer's Easter Egg.
Last year 90 per cent of office workers
at Waterloo give away their passwords
for a cheap pen, so perhaps things have
improved slightly.
In the 2004 survey the most common password
categories were family names such as
partners or children (15 per cent),
followed by football teams (11 per cent),
and pets (8 per cent), the most common
password was "admin". As well as lacking
security-savvy, the capital's office
workers there's show lack of imagination
when it comes to emails.
Two-thirds of workers use the same password
they use at work to access personal
financial services such as online banking,
a tactic that makes them more vulnerable
to financial fraud or even identity
theft. Workers used an average of four
passwords, the study found. Eighty per
cent of workers found using passwords
irksome and 92 per cent said they would
rather be able to log on using biometric
technology such as fingerprints and
iris scanners, or be able to log on
using smartcards or tokens. The vast
majority (86 per cent) said they would
like to see biometric and smart
card technology extended into electronic
banking.
The survey also found the majority of
workers (71 per cent) would take confidential
information with them when they change
jobs and almost a quarter (23 per cent)
would not keep salary details confidential
if they came across them.
Source:
John Leydon, The Register, www.theregister.co.uk
|
