RSS feed Get our RSS feed

News by Topic

BizReport : Trends & Ideas archives : November 13, 2014

Survey reveals Americans' lax attitude to online password management

The Federal Trade Commission receives millions of complaints each year with identity theft consistently topping the list. However, according to new research one in five Americans continue to use the same password they use for banking on a variety of other websites.

by Helen Leggatt

When ID Watchdog polled 1,300 Americans, they found that despite a fear of identity fraud and frequent reports in the media of large organizations' data being hacked, 20% of Americans remain lax when it comes to safeguarding and regularly updating their online passwords. One in 4 has never changed their banking personal identification number or password and just 44% were more cautious a a result of recent data breaches with national retailers.

In 2013, Americans reported losing more than $1.6 billion to fraud, with more than 2 million complaints received in total, of which 14% were concerned with identity theft.

"In this digital age, all of our digital information is at risk," said Michael Greene, chairman and CEO of ID Watchdog, an online identity theft protection service. "Hackers steal account credentials in the thousands to millions at a time, and with those credentials they steal your identity."

Other findings from the survey include:

- 40% said that at least one other person knows their banking username and password;

- 1 in 10 admits to having given a bank card and PIN to a friend or co-worker to allow them to take cash from an ATM or make a purchase;

- 1 in 3 worries that the friend or co-worker they revealed their PIN to might one day take advantage of their trust;

- 1 in 3 said they know their spouse or partner's PIN;

- 1 in 10 admits to knowing their mother's PIN;

- 16% had previously fallen victim to identity theft mostly from stolen wallets, purses, social security numbers and mail.

"It is important to protect your passwords and use strong combinations with alternate characters and numbers, but don't write them down," said Greene. "Users should change their passwords regularly, and also to be sure to use different passwords on your different accounts. It's the same as locking your door when you leave the house for the day."

Tags: identity fraud, online banking, personal data

Subscribe to BizReport

  • Hitoshi Anatomi

    Using a strong password does help a lot even against the attack of cracking the leaked/stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

    At the root of the password headache is the cognitive phenomena called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

    By the way, some people shout that the password is dead or should be killed dead. The password could be
    killed only when there is an alternative to the password. Something belonging to the password PIN, passphrase, etc)and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password. Neither can be something that has to be used together with the password (biometrics, auto-login, etc). What can be killed is the text password, not the password.

  • Helen Leggatt

    Excellent observations, thank you



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.