Study shows hackers more focused on passwords than those who create them

Summary: Survey shows depth to which Internet users are ignoring core precautions, using weak passwords, and storing sensitive data in email.


Nearly half of Internet users do not use a complex password and more than 25% of adults online have been notified to change their password for a compromised email account, according to a new cybercrime report released Wednesday.

The 2012 Norton Cybercrime Report concluded that strong passwords were one key element for protecting end-users online. In addition, newer forms of cybercrime are being targeted at social networks and mobile devices.

The report highlighted the fact that Internet users are ignoring core precautions. The survey, conducted with 13,000 adults in 24 countries ranging in age from 18 to 64, shows 46% don’t use a password that combines phrases, letters, numbers, symbols and caps and lowercase – so-called complex passwords.

In addition, that same group does not change their passwords frequently, a practice that dictates the shelf-life and long-term value of a password.

These password creation and maintenance issues show that end-users don’t fully grasp the risk their authentication credentials can present.

In the first half of this year alone, three hacks involving LinkedIn, Zappos and eHarmony resulted in more than 30 million stolen passwords.

A recent study by security vendor Security Coverage shows password theft is up 300% this year.

In the Norton survey, 27% of respondents said they have been notified to change their passwords. The top three account types were email (33%), social networks (20%) and bank accounts (13%).

Those accounts hold sensitive private and financial data, the survey showed. Respondents reported storing everything from personal photos (50%), work-related correspondence and documents (42%), bank statements (22%) and passwords for other online accounts (17%).

With that kind of data to attract hackers, end-users are likely to be the victims of secondary attacks, where stolen credentials are used to access another one of the victim’s accounts.

"Personal email accounts often contain the keys to your online kingdom. Not only can criminals gain access to everything in your inbox, they can also reset your passwords for any other online site you may use by clicking the 'forgot your password' link, intercepting those emails and effectively locking you out of your own accounts," Adam Palmer, Norton Lead Cybersecurity Advisor, said in a statement.

The report also revealed that 72% of adults online in the United States have been the victim of cybercrime in their lifetimes, that there are 71 million cybercrime victims in the U.S., and that the average direct cost per victim is $290.

The global price tag for consumer cybercrime is $110 billion annually.



John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.



  • Passwords....

    Regardless of what this post says, it won't make a difference. Users will care less and less until it affects them directly. Then it will matter.

    Sad...very, very sad.
  • Again?

    Why is it that tech writers have no clue what the term Hacker actually means?
  • No doubt Norton...

    wants to sell their product with their password manager embedded. I got to admit, it worked for some of my computer-challenged clients; but I'll stick with LastPass, and Keyscrambler; thank you very much!