Victims of identity theft are twice as likely to hail from English-speaking countries than from France, Germany or Spain. Some punters worldwide are putting themselves at risk by putting personal details - such as pet names - used as passwords for sensitive online accounts into social networking profiles. A survey commissioned …
Perhaps I'm missing something...
...but if I were an identity thief, I'd probably use phishing emails as my usual attack vector (why hunt down individuals when you can just ask the gullible ones to identify themselves) and I'd probably use English as the language of my mails (why pick a less widely known lingo?).
So, er, isn't this just embarrassingly obvious?
Given the dominance of the US in these things, dictionary password attacks play a part, as do the use of accents in non-english, western, languages, makes inputting passwords a little more difficult for people outside of those countrys.
Birthdays and pet names...
... ARE NOT PRIVATE INFORMATION! Neither is my mothers maiden name, or any of the other crap they ask me. Anyone who knew me as a child, or does some background research in publicly available databases (previous residences, county of birth, etc) can find that crap out. My password is my private information, and I keep it very secure. Now banks are trying to put back doors into their security to get around my very secure password, and it pisses me off.
As to why anyone would want to post their information to a social network, I have no idea, but I do know that banks shouldn't be using it at all.
Self verifying survey.
According to businesswire.com,
"The 2008 PayPal Trust and Safety Study was conducted by Ipsos Research from May 28 - June 3 in the United States, and from August 15 - 25 in Europe. The e-mail survey reached 1,000 panelists in each of the six countries: the United States, Canada, France, Germany, Spain and the United Kingdom. All respondents had shopped online in the past 90 days. Quotas for age, gender and PayPal usage were set during the survey to ensure representative online populations in each of the six countries."
So the survey is selected for those who responded, but more importantly for those stupid enough to describe their flawed security practices in response to an email survey. In other words all respondents who were not simply lying or actually practicing strong security identified themselves as people especially susceptible to phishihng and ID theft.
(I'm assuming the email was not signed, which would cause yet another bias.)
Gott Im Himmel!!!
Unt sie denskt wir hat Humour Nichts..
Having worked with a number of Germans, I'm not so sure that they actually display any real due diligence in terms of security. Yes they tend to make use of strong passwords and don't share them around - but then they leave connections wide open for anyone to use. I think it more likely that as English is more commonly used by those with the money, that's where the criminals go to.
The english speaking countries were not conquered by Napoleon. He introduced the first central population databases and a stronger system of identity. On the continent a telephone bill is not considered a stronger proof of identity than the dreaded id-card.
"claiming to have never shared"
Shouldn't that be "claiming to have EVER shared" ?
I mean, if only one in four Germans has never shared a password, that means that 75% have shared a password, so that beats the living daylights out of the others, doesn't it ?
As for the crux of the article, in my opinion 100% of PayPal users are at risk of having either their money locked or their details swiped, so anything less is good news for those concerned.
Personally, I wouldn't use PayPal unless they put a gun to my head.
- Breaking news: Google exec in terrifying SKY PLUNGE DRAMA
- Geek's Guide to Britain Kingston's aviation empire: From industry firsts to Airfix heroes
- Analysis Happy 2nd birthday, Windows 8 and Surface: Anatomy of a disaster
- Google CEO Larry Page gives Sundar Pichai keys to the kingdom
- Adobe spies on readers: EVERY DRM page turn leaked to base over SSL