London, November 27, 2014 — The private data of more than half of the UK’s residents is at risk from password fatigue according to new research from TeleSign, the Mobile Identity company. The survey of more than 2,000 consumers found that 62 percent risk online account compromise by reusing their passwords across multiple online accounts. This duplication leaves people vulnerable to hackers due to the ‘domino effect’ – where a hacker steals a user’s password for one service and is then able to access numerous other accounts.
“At TeleSign, we’ve seen the impact of the domino effect first hand. Following the recent hack of an online retailer’s customer database, our security team saw a massive increase in fraudulent activity with email providers. This spike in activity was the direct result of hackers taking advantage of the passwords they had stolen from one service to access another,” said Steve Jillings, CEO of TeleSign.
Password requirements such as providing upper and lower case, symbols and numbers, intensify the issue as people struggle to provide and remember unique passwords for every online service they use. In fact, more than half of users delay or simply ignore password resets citing key reasons such as not being able to remember the new passwords.
Additional findings from the TeleSign research:
- More than half of people – 56 percent – experienced an increase in password-reset notifications in the wake of various major data leaks this year. However, four in ten people put off the changes until later and 10 percent simply ignored the request
- The reasons for not changing passwords ranged from the likelihood users would forget a new password (22%), that people know it is important but it gets overlooked (22%), they can’t be bothered (20%) or that they are asked to change their passwords too often (16%)
- There was also confusion among users about accountability for password security, with 56% feeling the ultimate responsibility for online account protection fell to website providers
- There was also a lack of overall awareness of online security. Almost a quarter of generation Ys (18-24) believe they are safe because they haven’t been hacked in the past.
- When considering the most important accounts, banking websites were clearly identified as requiring the strongest passwords ahead of email and online shopping accounts
“Passwords are an artifact from a bygone era,” Jillings continued. “If you want to keep something secure and private, a password alone is just not the right tool. A significant percent of these types of incidents can be prevented when providing stronger authentication methods. We believe leveraging a user’s mobile identity to confirm who they are – some combination of their phone number, their device, and their behaviour – is nearly impossible to hack compared to a password.”
TeleSign delivers account security and fraud prevention for more than 3.5 billion online accounts worldwide based on a user’s mobile identity and driven by real-time, global intelligence, including reputation scoring and device data.
In order to prevent data loss and identity theft from password fatigue, TeleSign recommends users take the following actions:
- Websites are increasingly providing two-factor authentication options to better secure accounts, but require users to find and ‘turn on’ this feature, often located under the security settings.
- Check third party resources such as twofactorauth.org to confirm your social networking, banking, cloud computing or other online service offers the two-factor authentication option or encourage them to do so.
For cloud service providers and application developers interested in offering a secure and easy two-factor authentication solution to their customers, learn more at telesign.com.
Every second of every day, TeleSign protects the world's largest Internet, mobile, and cloud properties by establishing and verifying Mobile Identity. TeleSign's Mobile Identity platform gives digital businesses the ability to connect a unique identity with every account to verify new registrations and authenticate existing users. TeleSign created Mobile Identity to help businesses preserve their ecosystem by detecting a suspicious user before account creation, and to better protect their existing user base from account compromise.
TeleSign is trusted by the world's largest companies and protects 3.5 billion accounts in more than 200 countries and in 87 languages.