Operations //

Identity & Access Management

8/19/2014
03:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

More than Half of Consumers Share Passwords Leading to Security Concerns

Research reveals consumers leaving back door open to hackers by signing up for automatic log in options.

RESTON, VA – Leading digital identity expert Intercede today revealed the results of its latest researchThe Rise of the Identity Centric Economy, which found that consumers are inadvertently leaving back doors open to hackers as they share log in details and sign up for automatic log on to mobile apps and services. While 52% of respondents stated that security was a top priority when choosing a mobile device, 51% are putting their personal data at risk by sharing usernames and passwords with friends, family and colleagues.

The survey of 2,000 consumers also questioned whether these passwords are strong enough toadequately protect consumers’ applications and the data they hold. Half of respondents stated that they try and remember passwords rather than writing them down or using password management solutions, suggesting that consumers are relying on easy to remember combinations and using the same password across multiple sites and devices.

Richard Parris, CEO of Intercede commented: “As we live more and more of our lives online, all ourvarious digital identities need to be effectively protected – worryingly, it appears that this is not the case at the moment. We need so many passwords today, for social networking, email, online banking and a whole host of other things, that it’s not surprising consumers are taking shortcuts with automatic log ins and easy to remember passwords. These solutions are increasingly not fit for purpose though – they do not offer proof of a person’s identity and are easily lost, stolen or hacked, leaving consumers at risk of identity theft. It’s time for stronger authentication and more sophisticated forms of identity.”

The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device. Worryingly many consumers are also compromising their bank and credit card details by selecting ‘Remember me’ or ‘Keep me signed in’ options. Of those that use Amazon and other shopping sites, 21% said they were automatically logged in, while the figures stood at 16% for mobile banking and 12% for PayPal.

“Keeping your Facebook, Gmail, shopping and financial accounts automatically logged in might be convenient for consumers, but it’s leaving the back door wide open to hackers,” continued Parris.
“Consumers are more wary about clicking ‘Remember me’ when it comes to online banking and financial apps, but cyber criminals don’t necessarily need access to your bank account or credit card details to commit identity theft. There are plenty of rich pickings available in email and social media accounts too. Leaving yourself automatically logged in is like leaving the windows of your house wide open while you’re out – it’s time for a new generation of secure identity authentication for all our digital identities.”

About Intercede
Intercede is a software company specializing in identity and credential management with a global team of experts located in the US and UK.

Intercede’s MyID software enables organizations to create and use trusted digital identities for employees, citizens and machines. This allows secure access to services, facilities, information and networks.
MyID meets the highest government standards yet is simple enough to be deployed onto consumer devices such as smartphones and tablets. Critically, MyID provides an easy, convenient and secure alternative to passwords.

Millions of identities are managed using MyID and Intercede has provided identity verification and management services to global customers for more than 20 years. MyID is a commercial-off-the- shelf software product, designed and developed to be configurable so it can be embedded as the cornerstone of cyber security infrastructure for governments and corporations.

Customers trusting Intercede for secure digital identity include the US and UK governments and some of the world’s largest corporations, telecommunications providers and information technology partners. 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1848
PUBLISHED: 2018-12-14
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2018-1977
PUBLISHED: 2018-12-14
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.
CVE-2018-18006
PUBLISHED: 2018-12-14
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.
CVE-2018-18984
PUBLISHED: 2018-12-14
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.
CVE-2018-19003
PUBLISHED: 2018-12-14
GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails...