Identity fraud: The 5 password mistakes everyone still makes

Identity fraud is one of the most feared online attacks, as a criminal can effectively take control of your online life. Despite the recent iCloud scandal occurring due to weak passwords, people still aren't staying safe online. This week we had the pleasure of chatting to Tom Kemp, CEO of Centrify, about the threat of identity theft.

Your report mentioned that whilst only 25 per cent of UK consumers have been a victim of identity fraud, a whopping 81 per cent were concerned or very concerned about it happening to them.

How do you explain the disparity between actual figures versus percentage of concerned consumers? And what is it about identity fraud that makes it so scary?

Yes, the disparity is interesting between those who are concerned or very concerned about ID theft or fraud and those who have already been a victim. The simple fact is that identity theft has a much higher profile than it ever has before – people are aware of it and are understandably worried about it.

Maybe they know someone who has been a victim or have seen the headlines and it’s giving them cause for concern. The fact that people are worried means they are likely to behave differently, so thinking about what they do online and how they do it.

If it means they make small changes to their behaviour, for example, making their passwords more complicated or not using the same one for multiple sites, this is a step in the right direction.

Identity fraud is very personal and when you become a victim it affects you directly, not your company. For example, we asked consumers about credit card information, and 79 per cent ranked having credit card information stolen online as the second biggest concern above being a victim of cybercrime (which was 73 per cent).

Surprisingly, cyber bullying was the least concerning, with just 40 per cent showing any real concern, whilst privacy of social networks and email spam ranked much higher.


Perhaps rather shockingly, your report found that those who spent a lot of time online are actually less concerned with identity fraud. Is this due to a better-perceived understanding of online security or due to those who spend less time online having less knowledge about security?

The question is whether those who spend more time online – banking, shopping, social networking – are not only more web savvy, but also safer? They probably think they are, but they may also be prepared to take more risks, perhaps due to complacency or to cut corners, whereas those with less experience are more cautious?

But whether you have a high, medium or low digital footprint, the same rules apply when it comes to security and there is no excuse for cutting corners.

I personally cut a lot of corners browsing the web, particularly with my passwords. What are some of the key mistakes people make with their password habits?

In our survey, we asked respondents what they do to remember their passwords. The top five were:

1. Always use the same password whenever possible

2. Rotate through a variety of similar passwords

3. Keep a written password in a master book of passwords

4. Use personal information in a password

5. Avoid using complicated symbols or combining upper and lower case

Since many of us now enter a password online more than 10 times a day, which is up to 4,000 times a year, we tend to fall into bad habits like writing them down or using the same one again and again.

If we can all be more aware of our password habits, so changing them regularly, using more complicated combinations of numerals and letters and not using personal details in them especially for banking and shopping sites, this is a good start.

You're quoted as saying "online purchases were the top reason that users thought they became victims of identity theft." Were the users correct? Is the fault more with the online businesses or with consumers’ passwords?

Retailers and banks have come a long way in recent years to make their sites more user friendly and safer, but they can do more, especially retailers who are prepared to offer less security because it means more transactions.

Users in turn have become more confident about using online sites – who would have thought we would be doing mobile banking just a few years ago? But consumers are still making basic mistakes, which is quite shocking.

Our survey showed that 38 per cent of users don’t use a PIN number on their phone and a quarter use the same password across all devices. So it’s clear that this awareness and confidence is not necessarily translating into action.

Following on from that, what can online businesses do to ensure that their clients' and customers' data is kept secure?

Online businesses are doing a lot already, but where they can improve is in educating users. Banks do a good job in suggesting users download security software as part of their login procedures and also employ two-factor or multi-factor authentication.

Others should take note, while balancing security with ease of use. Organisations need to force things such as password changing and using the right technology to improve their security processes.

Lastly, what is the one takeaway readers of ITProPortal should take away from this interview?

There’s work to be done on both sides. Regardless of how much time you spend online, you can never be secure enough – make sure you are doing the basics right when it comes to passwords and managing your online identity.

Online sites also need to encourage this more and force users into adopting good habits online, by using more robust security measures and making users aware of the consequences if they don’t.

Which of Tom's five mistakes are you guilty of? How do you create strong passwords that are memorable? Let us know in the comments below.

Image credit: MatthewRagan