Study shows hackers more focused on passwords than those who create them

Survey shows depth to which Internet users are ignoring core precautions, using weak passwords, and storing sensitive data in email.
Written by John Fontana, Contributor

Nearly half of Internet users do not use a complex password and more than 25% of adults online have been notified to change their password for a compromised email account, according to a new cybercrime report released Wednesday.

The 2012 Norton Cybercrime Report concluded that strong passwords were one key element for protecting end-users online. In addition, newer forms of cybercrime are being targeted at social networks and mobile devices.

The report highlighted the fact that Internet users are ignoring core precautions. The survey, conducted with 13,000 adults in 24 countries ranging in age from 18 to 64, shows 46% don’t use a password that combines phrases, letters, numbers, symbols and caps and lowercase – so-called complex passwords.

 In addition, that same group does not change their passwords frequently, a practice that dictates the shelf-life and long-term value of a password.

These password creation and maintenance issues show that end-users don’t fully grasp the risk their authentication credentials can present.

In the first half of this year alone, three hacks involving LinkedIn, Zappos and eHarmony resulted in more than 30 million stolen passwords.

A recent study by security vendor Security Coverage shows password theft is up 300% this year.

In the Norton survey, 27% of respondents said they have been notified to change their passwords. The top three account types were email (33%), social networks (20%) and bank accounts (13%).

Those accounts hold sensitive private and financial data, the survey showed. Respondents reported storing everything from personal photos (50%), work-related correspondence and documents (42%), bank statements (22%) and passwords for other online accounts (17%).

With that kind of data to attract hackers, end-users are likely to be the victim of secondary attacks, where stolen credentials are used to access another one of the victim’s accounts.

"Personal email accounts often contain the keys to your online kingdom. Not only can criminals gain access to everything in your inbox, they can also reset your passwords for any other online site you may use by clicking the 'forgot your password' link, intercepting those emails and effectively locking you out of your own accounts," Adam Palmer, Norton Lead Cybersecurity Advisor, said in a statement.

The report also revealed that 72% of adults online in the United States have been the victim of cybercrime in their lifetimes, that there are 71 million cybercrime victims in the U.S., and that the average direct cost per victim is $290.

The global price tag for consumer cybercrime is $110 billion annually.

See also:

Editorial standards