The private data of more than half of the UK’s residents is at risk from password fatigue according to new research from mobile identity firm TeleSign. The survey of more than 2,000 consumers found that 62% risk online account compromise by reusing their passwords across multiple online accounts. This duplication leaves people vulnerable to hackers due to the ‘domino effect’ – where a hacker steals a user’s password for one service and is then able to access numerous other accounts.
'At TeleSign, we’ve seen the impact of the domino effect first hand. Following the recent hack of an online retailer’s customer database, our security team saw a massive increase in fraudulent activity with email providers. This spike in activity was the direct result of hackers taking advantage of the passwords they had stolen from one service to access another,' said Steve Jillings, CEO of TeleSign.
Password requirements such as providing upper and lower case, symbols and numbers, intensify the issue as people struggle to provide and remember unique passwords for every online service they use. In fact, more than half of users delay or simply ignore password resets citing key reasons such as not being able to remember the new passwords.
Additionally, more than half of people surveyed – 56% – experienced an increase in password-reset notifications in the wake various major data leaks this year. However, four in ten people put off the changes until later and 10% simply ignored the request.
The reasons for not changing passwords ranged from the likelihood users would forget a new password (22%), that people know it is important but it gets overlooked (22%), they can’t be bothered (20%) or that they are asked to change their passwords too often (16%)
There was also confusion among users about accountability for password security, with 56% feeling the ultimate responsibility for online account protection fell to website providers.
There was also a lack of overall awareness of online security. Almost a quarter of 'generation Ys' (those aged 18-24) believe they are safe because they haven’t been hacked in the past.
When considering the most important accounts, banking websites were clearly identified as requiring the strongest passwords ahead of email and online shopping accounts.
Passwords are an artefact from a bygone era,' Jillings continued. 'If you want to keep something secure and private, a password alone is just not the right tool. A significant percent of these types of incidents can be prevented when providing stronger authentication methods. We believe leveraging a user’s mobile identity to confirm who they are – some combination of their phone number, their device, and their behaviour – is nearly impossible to hack compared to a password.'