New research conducted by the Centre for Internet Safety (CIS) at the University of Canberra on behalf of PayPal has found that almost half of all Australians only change their password when prompted and 62 per cent never bother.
Password proliferation is also rife. While 47 per cent of people have ten or more online accounts, 67 per cent admit to having five or fewer passwords.
Details of the survey, which were released today by PayPal, paint a very similar picture to that uncovered in last year’s survey, according to CIS director Alastair MacGibbon. He said that consumer behavior had not improved in the last 12 months and there was now a really “steep hill to climb.”
In the 2011 report, CIS found that while 77 per cent of Australians had more than three online passwords, three out of five people used the same password for two or more accounts.
“I’m not saying we need two or three factor authentication. But look for anomalous behavior so that we don’t necessarily need a digital Pearl Harbour to change behaviours,” said Mr MacGibbon.
He said that the accelerating rate of smartphone adoption and the emergence of mobile payments systems such as ANZ’s goMoney or Commbank’s Kaching, plus the emergence of social media payments applications, meant there needed to be much more attention paid to the selection and protection of passwords. Earlier this year the NAB said that more than $1 billion worth of transactions was now being funneled through mobile devices.
Yet according to the CIS research, 65 per cent of Australians take better care of their bank-card PINs than they do their online passwords.
According to PayPal Australia Managing Director Jeff Clementz, many people are leaving themselves vulnerable to online fraud as a result.
According to the research, 87 per cent of consumers don’t believe anyone could guess their password, despite 22 per cent admitting they include personal information in their passwords.
PayPal Australia and CIS have released a series of recommendations about better password management, which include:
- Work out how many passwords you actually have
- Allocate a unique password to each account
- When creating a password, do not use personal information
- Avoid using words you can find in a dictionary, people’s names, or simple phrases
- Choose a password with at least one number, one special character, one uppercase letter, and ensure it is at least eight characters long
- Never share your password
- Change your passwords twice a year
- If you can’t remember them, write them down in a safe place away from your computer
Image: Official US Navy Photograph, National Archives collection