How likely are you to be wooed into a false sense of security by a friendly face or the promise of a cash prize?
Armed with clipboards, pencils and matching ‘I LOVE NY’ shirts, a team of surveyors recently set up shop in New York’s Central Park on behalf of computer security firm RSA Security to find out how much personal information consumers would give up while participating in a survey supposedly about tourism in the city.
The organisers say the situation was deliberately constructed to feel official and safe, much as online phishing attacks try to convince customers of their legitimacy with real logos and industry terminology. In this experiment, the questions were aimed at uncovering the type of ‘innocent’ information; mother’s maiden name, favourite sports team, date of birth; that people commonly use as passwords but do not generally think they need to protect.
The survey revealed that most consumers freely give up personal data, which can be used to guess their account passwords or to steal their identity outright. Four findings show, it is claimed, that the vigilance that should be used to protect computer passwords is worryingly absent in spite of current threats:
More than 70pc of respondents gave up their mother’s maiden name
More than 90pc of people provided both their date and place of birth
Nearly 55pc explained how they devise their online passwords
Nearly 85pc of respondents provided their full name, current street address, and email address
A small number of survey takers declined to answer a question asking how they devised their passwords, stating that this request was ‘too personal’ or that they ‘don’t give out that information’. The same people, however, had no problem handing over their date of birth and mother’s maiden name, which suggests consumers often aren’t aware of ‘back doors’ into their accounts.
What they say
Chris Young, vice president of consumer authentication services at RSA Security, said: "A lot of personal information actually functions like a password and, as such, needs to be robustly protected. Many consumers have called their credit card company to check their account and been asked for their mother’s maiden name as a personal identifier. On top of this, with a bit of sleuthing, motivated phishers can guess what a New Yorker’s password is just by having his address and trying combinations that assume he’s a fan of the Yankees or the Knicks. Our survey reminds us that we all need to be more aware of such vulnerabilities, and take appropriate precautions."
The firm quotes recent research from the Federal Trade Commission that damage and loss resulting from ID theft and cyber-crime among American adults have increased to nearly $50 billion annually. Attackers are continually finding new ways to dig up personal data, it is claimed. Consumers are advised to take the following steps to keep their private accounts and identity secure:
Do not share your password; or your method for devising your password; to anyone
Be prudent with personal details including your mother’s maiden name, place of birth and date of birth (these details can be used as passwords or as inspiration for passwords)
Use a variety of passwords; not a universal one for all of your accounts
Check to see if your online service providers (banks, ISPs, auction sites) offer security products that provide more robust protection against unauthorised access to your account
Survey description
The RSA Security Life Questions survey was conducted in New York City between August 24 and September 6, 2005. Questions ranged from essentially harmless ‘Is this your first visit to New York City?’ to more sensitive requests such as the participant date and place of birth, mother’s maiden name, children’s names, pet’s name, favourite sports team, their methodology for creating passwords, full mailing address and more. 108 respondents took part and completed the 18-question in-person survey. Consumers who declined participation were not included in the final analysis of survey respondents. All of the gathered data was returned to respondents immediately.
