Survey identifies that 34% of users use primitive and easily brute-forced passwords to protect their data

The risks of simple passwords is not fully understood by users

October 24, 2012

A survey carried out for Kaspersky Lab by O+K Research in 25 countries worldwide shows that the risks of simple passwords is not fully understood by users – in fact, a staggering 34% of respondents are practically unprotected.

A brute-forced or stolen password can give access to a user’s every last detail – starting with personal photos and finishing with credit card details. Therefore complex passwords to access online services are critical. It is also important not to use the same password for different services, for fear of losing not only important data but also your “online” personality, for example, via accounts on social networking sites.

According to the survey, insecure passwords which are easily brute-forced without any special techniques are used far too often. Examples include a date of birth (17%), a middle name (10%) or a pet’s name (9%). In fact, the survey shows that in South Africa, 13% of users select their pets name as their main password. The problem is that this sort of information will not only be known by your close friends and relatives who you may trust but a creative fraudster can easily find it on the Internet, for example, on social networking sites. Furthermore, another 8% of those surveyed use a simple combination of figures such as ‘123456’ or similar, and 5% of respondents simply use the word “password”. This type of “protection”, like other passwords based on easy-to-guess words, can be easily and very quickly brute-forced.

Another problem which is often overlooked is the repeated use of the same password. In theory, this avoids the danger of forgetting passwords. In practice however, if this universal password is compromised, fraudsters have an easy path into several accounts, services and programmes. When asked which activities they regularly perform on desktops and laptops, South African consumers responded with: 90% for email, 50% for online shopping, 79% for social media and 76% for online banking. If the same password is being used to undertake all these activities, the consumer is at massive risk of falling victim to cybercrime.

Take online banking alone as an example – cybercriminals are most interested in stealing financial information. If a user is using the same password to perform online shopping as well as access their banking accounts, it makes it easier for the cyber criminals to ‘crack’ the password and thus have access to the information that can cause devastating damage to an individual. According to the IDC, 2012 will see over a billion online purchases worth a total of more than $1.2 trillion – such statistics prove why cybercriminals are so interested in the world of online shopping and of course banking.

Says Riaan Badenhorst, Head of Operations for Kaspersky Lab Africa; “It is with this reality in mind that we have developed a new feature in our flagship consumer product line up, called Safe Money technology. It contains a diverse set of protection methods for when you deal with real money online. Such activity may include making purchases online, working with an electronic payment system like PayPal, or accessing your bank account from your computer.”

Here is how it works:

  •  Switches automatically to special “Safe Browser” mode when you visit banking websites; this isolates your payment operation from other online activities to ensure your transaction is not monitored
  •  Activates automatically when visiting most common payment websites, and you can easily add your own bank or shopping website to the list
  •  Checks the authenticity of the payment website itself to ensure the site isn’t compromised or a fake
  •  Safe Money evaluates the security status of your computer, and warns about significant threats that should be addressed prior to making payments
  •  Virtual Keyboard ensures tamper-proof entry of your password or credit card number

Concludes Badenhorst; “Cyber security is an essential aspect for all to consider today when making use of the Internet – which the majority of us do every day. Our recommendation to consumers is to not only take the above into account, but to make sure that you are protected with the right security solution.”

The full report on the O+K Research survey results is available at: http://www.kaspersky.com/downloads/pdf/kaspersky-lab_ok-consumer-survey-report_eng_final.pdf
For more information on Kaspersky Internet Security 2013, please visit: http://www.kaspersky.co.za/internet-security