More than half of surfers use between one and four passwords to access up to 20 online banking and e-commerce accounts, new research has claimed.
A poll of 150 PC users conducted by Kaspersky Lab found that two-thirds of PC users have up to 10 online accounts that require passwords. Some 23 per cent have more than 20 password protected accounts.
The research found that only nine per cent of surfers use 20 different passwords to access 20 different accounts.
The results were described as "particularly worrying" given Gartner's recent report suggesting that identity theft has increased by 50 per cent since 2003 in the US alone.
Identity fraud in the UK costs the economy £1.7 billion ($4.2 billion) a year, according to Home Office statistics.
The increase in social networking sites, where identifying personal information is stored, could make consumers who use the same password across multiple accounts extremely vulnerable to identify theft, according to David Emm, senior technology consultant at Kaspersky Lab.
"Consumers freely disclose information on social networking sites designed to be used as unique identifiers, such as pet's name, mother's maiden name, nickname, even car registration number," he said.
"All it would take is one clever hacker or phisher to get hold of these databases and they could have access to a raft of online accounts.
"Today's threat landscape is very different from that of a few years ago. Malware is designed to remain undetected so that it can target victims individually and harvest personal information to be used for criminal purposes.
"Couple this with personal information gained from a social networking site and a hacker could have the key to credit card accounts, online bank accounts or social security numbers."
The research went on to criticise the way many users choose their passwords. Common passwords included pet's name, child's name, spouse's name, car registration, date of birth, nickname and favourite song.
The Home Office has produced guidelines on the safe use of banking and e-commerce accounts at its Identify Theft website.
Poor passwords open web bank users to ID theft
By Robert Jaques on Mar 8, 2007 8:32AM