Consumers Blame Companies, Not Password Mistakes, for Compromises

Consumers Blame Companies, Not Password Mistakes, for Compromises

A third of US consumers put the value of their online life at somewhere between $100,000 to priceless.

According to TeleSign’s Consumer Account Security Report 2016, a full 51% of consumers experienced a security incident in the past year, whether it was having an account hacked, password stolen or their personal information compromised—perhaps awakening them to just how valuable their digital persona really is.

“When you consider what comprises an online life—email, banking and social media accounts, personal information, photos and more—these assets are extremely valuable, even ‘priceless’ as some reported,” said Aled Miles, TeleSign CEO. “With the majority of consumers looking to businesses to keep them safe online, companies need to prioritize providing strong account security or risk losing valuable users.”

More than half of the respondents surveyed (55%) place the onus on businesses as the party primarily responsible for providing for the security of their online and mobile accounts. And in fact, the report shows that nearly one in three victims of account compromise stopped doing business with the impacted brand.

That said, a bedrock reason for the uptick in compromises is actually a fault on the part of the consumers themselves: Password reuse. The survey shows that, on average, consumers use the same password for seven online accounts—meaning that 71% of online accounts are protected by passwords that are used across multiple sites. Additionally, 46% of consumers use passwords that are older than five years.

These statistics are significant when considering the magnitude of consumer credentials flooding the market in 2016, which has already recorded the highest number of data breaches on record according to the Identity Theft Resource Center. When credentials for one account are compromised, it creates a domino effect, essentially putting all other accounts protected with those same credentials at risk of cybercrime.

The report also found that millennials (ages 18 to 35) have the poorest security habits, putting them at the highest risk for fraud. Overall, 64% of the millennials surveyed have had an account compromised, hacked, or their password stolen while less than half (44%) of all other generations combined have experienced the same. Millennials were also found to use fewer unique passwords to guard their accounts, with 35% using only one to four passwords, versus 25% for all other generations.

As ever, convenience is the culprit: Nearly three in four (73%) consumers say forgetting their password is the most frustrating part of the account security process.

On the upside, consumers are making strides in adopting additional security beyond passwords. Just under half (46%) report enabling 2FA on one or more accounts, up from 39% in 2015, representing an 18% year-over-year increase. Further, of the 46% who have ever enabled 2FA, 77% turned it on for at least one new account in the past year. There’s a “learned my lesson” aspect here too: Those that had at least one account compromised are almost twice as likely to enable 2FA as those who have not been victims of online fraud (60% vs. 32%).

“With all the dangers we face today in our online lives, it’s encouraging to see that consumers are becoming increasingly aware of how to protect themselves beyond the password alone,” said Miles. “73% are urging companies to provide additional security such as 2FA. Turning it on is a step everyone can take today towards keeping their accounts secured and their online lives safe and private.”

Interestingly, only 12% of consumers are concerned about securing internet of things (IoT) devices, falling well behind concern for other accounts such as banking and finance accounts (87%) or email accounts (56%). 

Photo © LeoWolfert

Source: Information Security Magazine