Monday, 10 October 2011

Facebook Passwords


Social media users are increasing their chances of identify fraud, by providing clues to their online passwords.

A study by me commissioned by life assistance company CPPGroup Plc (CPP) has revealed that one third (32%) of Facebook profiles contain at least two pieces of personal information such as their mother’s maiden name, date of birth, hobbies or children’s names. This information is often also used as a password or as an answer to a security question when users look to reset their online account log-in details.

In the study, details including the name of the user’s first school (64%), employer (46%), dates of birth (25%), children’s names (25%) and favourite football team (17%) were found to be visible on many people’s Facebook profiles.

As the most active social media users, those aged 18 to 24 with a Facebook account are the most likely to publicise their personal information – and often to complete strangers. This age group has on average more than 250 friends but 81%[i] say they do not trust all of their Facebook ‘friends’. Half (50%) have accepted a friend request from a total stranger and 9% would accept an invitation from someone they did not know if they were good looking or popular.

But it’s not just the 18 to 24 year olds who are making themselves vulnerable - users of all ages are putting themselves at risk. One third (33%) of all those with a Facebook account admit to accepting an invitation from people they had never met before, with 38%[ii] confessing they don’t know everyone they are friends with on the site.

Over half (52%) of the Facebook account holders questioned had received friendship requests from strangers. And despite recent media controversy around privacy and security on the site, one in twenty (6%) users allow anyone and everyone to see their entire profile.

Danny Harrison, CPP’s Identity fraud specialist is calling on individuals to not use personal information for online passwords or security questions.

“It isn’t a good idea to use personal information for passwords online. Sharing is the whole point of Facebook and other social media sites, so users are naturally going to promote their personal information online. The problem is this information could be used by fraudsters to reset passwords and access people’s online accounts. To compound the problem, there are tools available online that can capture keywords from a website, including a Facebook profile, and others which will trial variations of the identified keywords until a password match is found.

For this reason, we are advising people to not use personal information as a means to verify their online identity and facilitate access to their online accounts.”

Personal information most commonly used as passwords[iii]:
1. Interests
2. Hobby
3. Favourite football team
4. Favourite football player
5. Children’s names
6. First school
7. Pet’s name
8. Dates of Birth
9. The user’s name
10. Maiden name

For further details please refer to my white paper.


Copyright 2009 Jason Hart. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan