Password reuse opens door to ID theft

 

Gallery

By Rene Millman

Posted on 7 Mar 2007 at 16:21

The issue of choosing appropriate passwords for a range of online accounts has been raised by Kaspersky Lab in a new study. It highlights, in particular, how people who use the same password for multiple accounts and websites are leaving themselves open to identity theft.

The security company has carried out a survey on password habits and found that 62 per cent of users have up to ten online accounts that require passwords, with 23 per cent of users having more than 20 password protected accounts.

The study of 150 people also found that more than half of respondents (51 per cent) use only between one and four passwords to access their accounts.

'Today's threat landscape is very different from that of a few years ago,' said David Emm, senior technology consultant at Kaspersky Lab. 'Malware is designed to remain undetected so that it can target victims individually and harvest personal information, to be used for criminal purposes.'

He also said that consumers freely disclose pieces of information, on social networking sites, that are designed to be used as unique identifiers - pet name, mother's maiden name, nickname, even car registration number.

'All it would take is one clever hacker or phisher to get hold of these databases and they could have access to a raft of online accounts,' he warned.

Another survey found that identity theft has increased by 50 per cent over the last year in the US.

Approximately 15m people in the country were victimised by some sort of identity-theft-related fraud in the 12 months up to the middle of 2006, a report from Gartner said.

The survey of 5,000 US adults found that the average loss of per person was $3,257 (£1,692) in 2006, up from $1,408 (£731) in 2005.

'Hackers are exploiting Internet auctions, non-regulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams," said Avivah Litan, vice president and distinguished analyst at Gartner.

'The thieves have also discovered the weakest links in the US payments systems. Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves,' she said.

According to the report electronic theft is a leading cause of certain types of fraud, including credit card, debit card and bank account transfer fraud.

'All sensitive electronic data needs to be protected, but enterprises should be aware that the low hanging fruit for the criminals is electronic card and checking account numbers, as well as user IDs and passwords for online financial accounts,' said Litan.