April 30, 2019 by Jason Contant
What’s one easy piece of advice you can provide to your clients to help protect them from cyber-attacks?
Change your passwords.
Nearly one-third (30%) of people in Canada and the United States use the same passwords for all or most of their online accounts, potentially leaving them more vulnerable to cyber attacks.
That was one of the findings in cyber security company Kaspersky Lab’s Cyber-Stress, Refreshed report, released Monday. The survey of nearly 2,700 people, including more than 1,200 in Canada, found the re-use of passwords is a particularly bad habit among Gen Z. For those aged 16 to 24, the number using the same passwords for all or most of their accounts is as high as 44%.
Even those who consider themselves to be cyber security experts are using the same passwords, the report added. Nearly three-quarters of poll respondents (74%) said they are stressed about the number of passwords they have to manage.
Password re-use is widely known to be one of the riskier behaviours, because it exposes users to “credential-stuffing” attacks. This is when attackers take unencrypted username and password combinations that have previously been leaked in a breach and try them against other accounts that may use the same information.
Canada is the third-most targeted country in the world for credential stuffing, according to a report released earlier in April by Akamai. The report recorded nearly 30 billion credential stuffing attacks in 2018. The United States was the most targeted country (with just over 4 billion attacks), followed by Russia (over 2.5 billion attacks) and Canada (almost 1.5 billion attacks).
“If I can get your details from one site and use them on another, like your Uber account, PayPal or an airline, I can start using your accounts for financial gain,” Lindsey Nelson, international cyber practice leader with CFC Underwriting, said in April. “While the value of a username or password is limited, it’s how it can be monetized that makes it valuable.”
So, if you want a separate username and password for each account, how do you remember them all? Manish Khera, cyber security incident response and investigations leader with Ernst and Young Canada, recommends the use of a password manager. “It allows you to get a little more granularity and uniqueness to your usernames and passwords,” he told Canadian Underwriter. “That’s a good way to mitigate the personal risk around credential stuffing attacks, which are very prevalent.”
There is a snag, however. Although half the people surveyed (51%) said they would be willing to share their personal data with their significant other, only 11% would be willing to share their personal data with a digital password manager.
Among other findings in Kaspersky’s report: