Published April 16, 2008
SAN FRANCISCO – Using the same password for multiple Web pages is the Internet-era equivalent of having the same key for your home, car and bank safe-deposit box.
Even though a universal password is like gold for cyber crooks because they can use it to steal all of a person's sensitive data at once, nearly half the Internet users queried in a new survey said they use just one password for all their online accounts.
At the same time, 88 percent of the 800 people interviewed in the U.S. and the U.K. for the survey by the Accenture consultancy, which is to be released Thursday, said personal irresponsibility is the key cause of identity theft and fraud.
Researchers say the findings suggest that many users underestimate the growing threat from organized cyber criminals who can reap big profits from selling stolen identities.
"There's a lot of confusion out there — a lot of people don't think there's a problem," said Robert Dyson, a senior executive in Accenture's global security practice. "There's still the kind of head-in-the-sand situation: 'My identity hasn't been stolen. I don't know anybody who's had their identity stolen. So it must not be happening.'"
Dyson said the problem with repeating passwords is that a hacker who successfully breaks into one account then has an easy time guessing how to get into all the user's other accounts.
Many users repeat passwords so they don't forget them, which shows in another finding that 70 percent of survey respondents in the U.K. said they don't write down their passwords, versus 49 percent in the U.S.
Only seven percent of the respondents said they change their passwords often, use password management software or use a fingerprint reader to access their machines and accounts.
The survey looked at people who used a computer at home, have high-speed Internet access and go online at least twice a week for something other than checking e-mail. The respondents were selected at random and questioned over the telephone. The mean age was 46.
The survey's margin of error was plus or minus 3.5 percent for the total sample and plus or minus 4.9 percent for U.S. and U.K. samples.
Accenture noted that the results represent the behavior of a random sample of this subgroup of Internet users, not the overall general pool of U.S. and U.K. consumers.