Users' reckless password habits presents broad identity theft opportunity 5 October, 2005 By Liam Lahey

PromoPipeline Exclusive Channel Promotions Find Out How You Can Make Money Today! ENROLL FREE! >> SaaS Trumps Social Media Mike Dubrall - Gilwell Group How to Evaluate Training William Vanderbilt - Innovative Learning Channels Please join me at the Vendor Channel Management Summit in San Francisco Robert M. Cohen - Integrated mar.com Discount or Payment for Services? William Vanderbilt - Innovative Learning Channels Goal Setting William Vanderbilt - Innovative Learning Channels

It's almost a contradiction in terms for users to be concerned about identity theft yet do little to truly protect themselves, and UPEK's findings make for a compelling argument on the subject. That UPEK is touting its own fingerprint solution -- its flagship TouchStrip fingerprint authentication solution is currently embedded in select Lenovo ThinkPad Z60m and Z60t notebooks targeting the small and mid-sized business (SMB) market -- is also noteworthy.

But of greater significance are the report's findings. UPEK said it conducted 100 random surveys of passersby at a coffee shop in San Francisco last July. From those surveys, the company said it had a consistent view of users' attitudes towards password protection and individual security behaviors.

"We tried to quantify people's attitudes towards the usage of passwords and behaviors and biometric fingerprint solutions . . . if there's too much effort involved, chances are they're not going to do it," said Greg Golez, vice president of marketing for UPEK. "But the results also reflect a willingness to pay more for better security.

"I think you'd find similar results if you conducted a survey of strictly enterprise business users but we didn't want to target that specific a group . . . we found the interaction between people and pass codes to be horizontal."

Overall, the findings read like a 'good news' story for hackers.

Of the results, 73 per cent of surveyed respondents said they believe their passwords are not a sufficient security measure. Of those, 76 per cent said they are willing to pay above market price to rid themselves of passwords entirely and adopt a biometrics fingerprint solution.

Consumers continue to put their data at risk by placing convenience above security, with nearly half of those surveyed confessing that they do not create secure passwords -- defined as a combination of random letters, numbers symbols and punctuation comprised of at least eight characters -- nor do they ever change their passwords.

The most popular method of creating passwords is using personal information, with over half of those surveyed using easily retrievable details such as a pet, child or spouse's name; 72 per cent of respondents use the same password for all logins.

Although 82 per cent of those surveyed expressed concerns about becoming a victim of identity theft, nearly 40 per cent shared their passwords with others. An overwhelming 76 per cent have critical information, such as banking information or sensitive data, protected solely by passwords. The remaining 24 per cent either did not use any security measures or relied on perimeter defense mechanisms such as anti-virus software to protect their information.

The survey also noted there is a lack of awareness regarding the use of fingerprint biometrics as a security measure with just over half of those surveyed (59 per cent) claiming they had ever heard of fingerprint reader solutions.

An estimated 72 per cent of the survey's respondents stated they use the same password for all of their logins (be it a computer at work or home). More than half (53 per cent) of the respondents admitted they don't use passwords in a secure fashion. For instance, using a password with a minimum of eight characters that includes numerals and/or punctuation. Meanwhile, 49 per cent said they never change their passwords and another 40 per cent of the respondents said they share their passwords with others. This despite the fact 76 per cent of those surveyed admit to keeping critical information (such as personal banking data) 'protected' by their passwords and little else.

Driving its point home, UPEK said it also asked respondents how much they'd be willing to pay for a fingerprint solution versus using passwords ever again. Over half (26 per cent) said they'd be willing to pay over-market value (greater than $50) for a fingerprint solution; 23 per cent said they'd be willing to cough up $1. This latter group also believed it was their employer's responsibility to pay for such a solution.

Inarguably, biometric fingerprint solutions are more secure than passwords. But is it possible to steal electronic fingerprints stored on a computer? Cyber- criminals are always scheming for new ways to steal or sabotage, what is the likelihood of identity theft of that magnitude over time?

"A part of UPEK's delivery of a complete security solution includes hardware to manage fingerprint images . . . other solutions out there that are software- based do matching and comparison (of fingerprints) on the Pentium, and that is less secure," Golez acknowledged.

In terms of the potential marketplace for biometric fingerprint security solutions, Golez said the notebook market continues to grow. He said every major OEM would have a fingerprint solution built-in to their notebooks by next year.

"The notebook market continues to grow rapidly. We're seeing major vendors including biometric fingerprint solutions on a targeted set of platforms," he said. "SANdisk and portable Flash devices is another area that's an emerging market.

"The feedback we've been getting from our OEM partners is that notebooks with biometric fingerprint solutions are being pushed in the enterprise. And they've found the simplicity of using our solutions is what gets the end-user hooked."