Only 24% of Europeans use different passwords for different websites

Filed Under: Featured, Malware, Security threats

Europe. Image courtesy of Shutterstock.Around 50% of European internet users are concerned about the dangers of cybercrime and online identity theft; just under half feel well informed about the risks they take online; and up to 46% have taken steps to improve their online security, although for the most part that goes no further than installing anti-malware software.

But 18% have not made any changes in their behaviour in response to security concerns, and 48% have not changed any of their online passwords in the last 12 months.

This is according to a large-scale survey carried out by the European Commission's Eurobarometer programme, questioning over 27,000 people across the European Union on their internet use, security attitudes and experiences.

The detailed report includes a wealth of stats taken from questioning people across the EU.

It starts with a general look at internet usage patterns, finding that over 70% of Europeans are online, with 54% accessing the web at least once a day. Of those, 70% say they are at least reasonably confident about their ability to shop and bank online, but only around 50% actually use these services.

So, it's clear that a fair number of people who feel able to bank and shop online are not doing so.

Safety concerns and responses

The reason for this gap is likely to be at least in part a lack of trust in the safety of the internet. More than a third of web users questioned were worried about their personal data being abused when shopping or banking online, and a similar number were concerned about the security of online payment systems.

Both figures were slightly down on 2012 numbers though, showing at least a slight increase in general confidence.

In response to security concerns, 46% have installed anti-virus software, 40% are cautious about opening mails from strangers, and around one in three web users try to avoid giving out personal information or visiting unknown and untrusted websites. Just over a quarter only use their own hardware to go online, and just under that figure (24%) use different passwords for different sites.

It's worth noting that these figures do not necessarily show the full number of people who take these safety precautions, due to the wording of the question.

It asks only if people have changed their behaviour due to security concerns, so it's quite possible that some may have anti-virus installed for other reasons, for example if it came pre-installed on their PC, or may avoid giving out personal information simply because they are shy.

48% of web users said they had not changed any of their online passwords in the last year. Of those who had made changes, the highest figure was for webmail (31%) with social networks just behind on 26%. Online banking passwords were less likely to be changed, with only 20% changing in the last 12 months, and shopping site passwords were rarely changed, at only 12%.

This seems like the wrong way around, with online banking and shopping passwords most likely to give cybercrooks direct access to the cash they are after, so perhaps there is yet more need for education here.

Cybercrime attitudes and experiences

On average, 44% of those surveyed said they felt at least fairly well informed about the risks of cybercrime, an improvement over last year but still fairly disappointing. As in most categories, figures were higher in Northern Europe and amongst the young and well-educated.

Contrasting with responses to a previous question, 87% of web users avoid disclosing personal info online, while 76% think that their risk of becoming a victim of cybercrime has gone up in the past year - and the survey was carried out in May and June, before the latest waves of data leaks and password catastrophes.

In terms of actual experiences, nearly a third of web users said they had spotted a scam or phish on email or over the phone, with 7% saying it was a regular occurrence. 12% claimed to have had their email or social media accounts hacked, with the same number believing cyberattacks have prevented them from accessing online services (although it's not made clear how they would know this was the case).

10% said they had experienced online fraud, 7% credit card or banking fraud and 6% identity theft. However, more (52% of internet users) were concerned about the risk of identity theft than worried about banking or card fraud (49%).

Slightly lower numbers were worried about account hacking, scams, dodgy purchases or stumbling across child porn, all between 42% and 45%.

In all areas, in the event of an online concern (including outages thought to be due to cyberattacks), the police were the most popular port of call.

Lessons to be learned

So, it seems like there's something of a delicate balance between ensuring people are well educated about the risks of using the web, and scaring them off.

Many people seem to be put off using online services by the potential dangers, but few are taking all the necessary steps to carry out their online business in safety - indeed few are even doing the basics.

We clearly have a long way to go in educating people that the web can be used reasonably safely, if only they take the time to understand where the risks lie and how best to mitigate them.

I guess we'll just have to carry on trying to spread that message, and see how we've done when the next study comes out.


Image of europe courtesy of Shutterstock.

, , ,

You might like

7 Responses to Only 24% of Europeans use different passwords for different websites

  1. Replace 24% of Europeans with 24% of all people everywhere.

    • TJay · 331 days ago

      I think a big part of the problem is that most internet sites want to use your email address as a user name.

    • Blake · 330 days ago

      Then it would be worse.

  2. Andrew · 331 days ago

    The longer the password the better and best not to store on your computer. Problem now is you need to remember all the passwords for the various sites that are visited. wow we are now increasing the chances of duplicating passwords and it never seems to end, There has to be a better way. I know I would not trust a passwords manager of any type yet the list of passwords increase on a daily basis. suggestion don't visit so many sites.

    • Blake · 330 days ago

      Write them down and just code them with a simple code so they look like gibberish is what I do. Putting them on your computer has potential for the hackers to get them. Putting on paper has potential for anyone in your house to get them. I trust my family more than hackers. By just putting down your passwords and not the usernames it decreases the risk. Lock them in a drawer and even better situation.

  3. Larry M · 331 days ago

    The problem of inadequate password storage does not seem to be easily solved. Perhaps there is an opportunity for a skilled third-party authentication solution, as is used for credit-card processing.

    SMBs know they can't securely manage transactions, so when buyers go to checkout, they are silently transferred to secure, expert third-parties to complete the transaction--specifically to manage credit-card details and merchant services.

    Why not start a similar business doing authentication? When the user clicks "Login" he is silently transferred to a third party where he enters credentials. If they are accepted, a token flows from third party to merchant, allowing his login.

  4. Chris Camejo · 327 days ago

    It is extremely worrying that while around half of all European internet users claim to be concerned about cybercrime and identity theft, close to the same proportion have actually done nothing to change their passwords over the past year. Of even greater concern is the fact that just 26 percent have changed their social media passwords in that same period. Often a threat that seems more irritating than business critical - such as a clumsy phishing email poking around for social media credentials - can very quickly trigger a serious breach when those same credentials can gain an attacker access to a corporate VPN, thanks to lackadaisical security practices. The same applies to more public incidents, such as the notorious 2012 LinkedIn hack. Compromised credentials can prove very useful to an attacker if they are reused elsewhere. The lesson to learn is this; it doesn’t matter how much protection a company builds around its authentication systems, if poor security hygiene allows meaningful credentials to be gathered from low-security sources outside of corporate controls.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.