User passwords still weak as online fraud rises 300%

We are forever warned about the strength and quality of our passwords, but are we listening? A 300 per cent increase in online fraud since 2010 suggests not, and has led to further calls for users to take more care with the security of their Internet accounts.

New figures come from credit-checking firm Experian, which says fraudsters traded 12 million pieces of personal information online between January and April this year – a threefold increase from just two years ago.

Among the recorded victims of identity fraud, 14 per cent suffered a refusal of loans of credit cards, nine per cent had debts run up in their name, seven per cent were refused mobile phone contracts and the same figure were chased by debt collectors for money they didn’t owe.

Experian claims the increase in fraud is partly due to our growing number of online accounts, with customers now having an average of 26 separate logins but just five different passwords utilised across them. Exacerbating the issue is the fact that two thirds of people have accounts they no longer use but have not closed down, leaving them vulnerable to attack.

There is no magic wand to wave at the problem, however, as we are again and again urged to make our passwords complex and different from one another. Incorporating a mixture of caps and digits is recommended, as is the use of random password generators online - though this should be avoided for secure services such as bank accounts.

A host of additional tips can be found in ITProPortal’s guide to secure passwords.

The Experian findings arrive just days after yet another high-profile hack, as cyber-criminals stole up to 450,000 user accounts and passwords on Yahoo, many of which were defunct.

Earlier this week, Eric Doerr, group program manager for Microsoft account system commented on the problem in a company blog post, saying “these attacks shine a spotlight on the core issue – people reuse passwords between different websites.”

Doerr added, “This highlights the longstanding security advice to use unique passwords, as criminals have become increasingly sophisticated about taking a list of usernames and passwords from one service and then ‘replaying’ that list against other major account systems.

“When they find matching passwords they are able to spread their abuse beyond the original account system they attacked.”

Source: BBC

Image: V3