washingtonpost.com
Lax passwords expose quarter of PC users to theft
Almost half of survey respondents never change their password, increasing the risk of giving away their complete identity should that password be hacked or stolen.

Matt Egan
PC World
Tuesday, October 9, 2007 8:19 PM

Research Tuesday reveals that lax password habits are leaving a quarter of people in serious danger of falling victim to online fraud.

Online security specialists McAfee released survey findings to coincide with National Identity Fraud Prevention Week suggesting that nearly one in four people in Europe are at risk from online fraud.

McAfee analyst Greg Day said: "The sheer number of passwords needed means many people are resorting to using few and obvious passwords, we want to help people understand the consequences of this behavior."

See also: Identity fraud affects three in four Britons

Almost half (43 percent) of the 3,500 respondents to McAfee's survey never change their password, increasing the risk of giving away their complete identity should that password be hacked or stolen. To compound this error, almost a quarter (24 percent) of people surveyed use the same password to access all online accounts. A staggering 59 percent of respondents 'always' or 'mostly' use the same password for everything.

Respondents from France were the worst offenders -- 39 percent always use one password. In the U.K., only 16 percent fail to change their passwords -- still a dangerously high figure.

The survey suggests that expert advice to use longer, more complex passwords is being ignored. Fully 30 percent of people surveyed still use passwords of only one-to-six characters in length. Twenty-two percent use only alpha characters.

While 43 percent of respondents 'never' change their passwords, only 11 percent change it three times per year -- the recommended amount.

The most popular password was a pet's name, followed by a hobby and then Mother's maiden name. This is not surprising but worrying in the light of social networking sites, such as Facebook and MySpace, which openly hold much of this information. It also leaves users vulnerable to guesswork.

The survey also studied people's attitudes towards security on their mobile phones and found that nearly two thirds of respondents (61 percent) don't have a pin code to protect their mobile device. Of those that do have a pin code, over three quarters (76 percent) never change it and over a quarter (29 percent) just use the default setting.

The McAfee study concludes that consumers need to be more vigilant not only on a PC but also on mobile devices, to protect the 'key' to their ID and prevent them from becoming victims of digital ID theft.

© 2007 PC World Communications, Inc. All rights reserved