UK’s online identity habits revealed: Have we reached peak password?

Experian research has revealed a growing divide across generations. This divide is particularly evident in the way the UK population manages its passwords and online identities.

The research showed the variation in the way different age groups conduct themselves online. Millennials are at higher risk from online identity fraud as they favour convenience over security. So, there is inconvenience on one hand and online safety concerns on the other.

“Our research has shown that people across the generations have very different attitudes towards the way they navigate the internet and manage their online accounts, or online IDs”.

The younger generation appears to be more driven by convenience and rarely has more than five unique passwords. They are also far more likely to log in to multiple accounts using a single social media online ID. But what they may not realise is this thirst for convenience leaves them more vulnerable to the threat of identity fraud.

We’ve seen a sharp increase in the number of cases affecting this age group. Our latest Hunter statistics show an increase of 5% year-on-year in those under 30 becoming a target of identity theft. More than 1 in 3 cases of third party fraud (fraud committed by other people, against an individual – such as identity theft), are carried out against this group.

With paper identities now becoming largely obsolete when it comes to verification, replaced by digital online documents, it is much easier to pretend to be another person when you are hidden behind a screen. It has become much rarer for fraudsters to imitate their victims in person. All you need now is a username and password.

The concept of a password is not new, it’s been around for years and has served its purpose of protecting people. This evolution may be why the older generation were found to be much more likely to use multiple passwords to log in to their online accounts, placing more value on a cautious approach to security at the expense of convenience. 1 in 4 admitted to using a memory-straining 11 or more password combinations.

It’s perhaps no surprise, then, that a high proportion of over 55s admit to having problems remembering their codes. This memory strain is a growing problem, with 4 in 10 people stating that they need to use a password memory service to help them remember all their passwords.

Experian also found there is significant confusion about what an online ID is – with 1 in 3 (31%) of those surveyed disclosing they did not know, and a further 61% choosing different definitions to explain an online identity.

3 in 5 (61%) people in the UK admit they don’t always understand what they are agreeing to when they sign up for a new profile online, with 1 in 9 (11%) acknowledging they never understand.

“The typical person in the UK has an estimated 26 online accounts, or online IDs, with between six and 10 passwords that they use regularly. As convenience becomes increasingly important to customers, the all too familiar and often frustrating process of answering several security questions to prove who you are, and recover your password, could become unsustainable. We may well have reached peak password.”

Fraud, and specifically third party fraud – impersonation fraud or identity theft as it is often referred to, is growing. Over the past 60 years we have witnessed a huge transformation in the tools criminals use to commit fraud. But, the use of a password to protect has remained largely stagnant. This exposure can mean fraudsters are able to access even more data and sensitive, valuable information than ever. We’re not looking just at financial losses from bank account withdrawals but right across to accessing social accounts which can be equally costly and damaging for people.

The five key takeaways for me from this are:

1.    Innovation is key

We are all striving for innovative developments and solutions in other areas of our business and lives, so why aren’t we innovating a password? Why haven’t we changed this now age-old, process that is evidently vulnerable and susceptible to being stolen and used?

2.    Consider the customer journey

Things like chip and pin, card pin readers other customer tools have been brought in, and, in some scenarios, swiftly gone. Yes, they certainly offer a customer another level of control through needing to do something else to gain access. But, all this may have done is caused an extra, often ‘fractious’ step, that actually has had no impact on fraud prevention. They still can’t verify the person sat behind the screen. It still leaves the same age-old challenge, just with another step that needs processes behind it.

3.    Information is the golden nugget of fraud

Personally identifiable information, static information if you like, is probably one of the most vulnerable things. Anything that is stored is essentially findable. Phone hacking, malware and more can use recorded information. This is then used as a means to commit fraud.

4.    Think, future

We have already seen many different security measures arising. Most people reading this blog will access their phone, or mobile banking by a simple fingerprint recognition. We’ve seen organisations such as MasterCard testing biometric cards. We’ve heard of new, innovative Fintechs exploring selfies in the verification process. What we haven’t heard of is anything that is reliant on trust. And, trusted identities will be critical. How we get to them will be interesting

5.    Think digital

Digital is here and now. It is growing and it is changing business strategies and customer journeys. As such, identities need to move to digital. We need to find a way of obtaining and creating a digital identity that is transferable, trusted and encrypted. We are already starting to use this with concepts like social account logons, and this concept creates a foundation which will, in my opinion, transform identity verification moving forwards.

Adding a layer of trust to pre-existing accounts could be one way for robust anti-fraud and identity verification measures to become quickly and easily available to many. Whichever methods come to dominate the way we will verify our identity, the systems must ensure enhanced usability, improved security, and reduce the reliance on multiple usernames and passwords.

Experian offers some proactive steps people can take against fraud:

  1. Don’t respond to unsolicited emails and phone calls.
  2. Use different passwords for different accounts – particularly for your email account and online banking.
  3. Use strong passwords made up of three random words – you can add in numbers and symbols, and use a combination of lowercase and uppercase letters if you want.
  4. If you’re using public Wi-Fi, don’t log in to any sites that need a password (e.g. your bank, social media or email) or enter personal information such as your card details.
  5. Always download the latest software on your phone, tablet and computer. This will help protect against malicious software.

Have you seen our A-Z of fraud? You may also like our new eBook: the Evolution of Identity.