Despite almost 3 in 5 (57%) of internet users in Malaysia experiencing a personal data breach or knowing someone who had, over 90% of respondents surveyed admit to practising poor online habits. These include sharing, recycling and using guessable passwords, according to a new digital responsibility study.
Commissioned by Google and conducted by market research agency YouGov in September to draw attention to the repercussions of poor password health, the study polled over 13,000 respondents aged 18+ across 11 markets in Asia Pacific. Markets include Hong Kong, Japan, Korea, India, Indonesia, Malaysia, Philippines, Singapore, Taiwan, Thailand and Vietnam.
The study calls for internet users to ditch bad digital habits, particularly amidst predictions of a 20% increase in Q4 ecommerce sales - the most wonderful time of year for fraud.
Risks of Password Reuse and Recycling
The ecommerce boom heralded by COVID-19 has been significant. Online activity grew so much that the average internet user today has 25% more passwords than they did before the pandemic. This brings the average person to owning a whopping 80 passwords or so, and that’s a lot to memorise.
Against this backdrop, the Google study found that 80% of respondents in Malaysia use the same passwords for multiple sites, with 2 in 5 (45%) admitting to recycling passwords for up to 10 unique sites. Amongst these recyclers, 40% say they do so in fear of forgetting new passwords, while 41% say it is simply convenient to use the same ones.
A worrying 51% of local respondents also confessed to using guessable passwords, spanning the most easily crackable combinations from significant dates and significant others to pet names and even postal codes. Worse still, 1 in 4 (25%) admit to saving their passwords in the ‘Notes’ app of their mobile phones, most of which are not encrypted by default.
And therein lies another problem: Password recyclers are almost twice as likely (13% vs 7%) to have their financial data stolen online.
Sharing is Daring
So where do breaches happen? The answer is often anywhere that data is being shared - and it is being shared a lot.
The study found that almost 3 in 5 (57%) of respondents have no qualms about passing passwords around to friends or family. The same respondents also share passwords with streaming platforms, food delivery services, and even ecommerce sites for shopping, even though only a mere 7% of them actively use a password manager.
In terms of online transactions, 3 in 5 (60%) people admit to making purchases on pages without the secure symbol, creating the perfect opportunity for fraudsters to steal details and make respondents their personal Santa. Notable too is that 70% of respondents who save financial information online also share passwords with friends and family, putting themselves at greater risk of a personal data breach with passwords used across multiple devices.
The sum of these bad habits may have resulted in 57% of respondents in Malaysia experiencing a data breach or knowing someone who has.
Chuah Jia Wen, Industry Head of CPG and Retail at Google Malaysia, said, “We know from past research that people who have had their data exposed by a breach are 10 times more likely to be hijacked. When we share, recycle and use guessable passwords we put our personal information, including payment data, at exponential risk.”
Hope for Healthier Habits
Amidst the doom and gloom, a silver lining emerges from the expressed intention of respondents who aspire to be more digitally responsible. On the way forward, 64% of respondents say that they are likely to adopt two-factor authentication (2FA), even if it is not mandatory.
4 in 5 (80%) respondents also say that in the face of a potential data breach, they will choose to change their password immediately. Interestingly, 33% of those who would not change their passwords immediately are believed to be acting out of caution, citing that the breach notification could well be a scam on its own.
Continuing on this positive note, 2 in 5 (40%) say that they are likely to use a password manager, though at present, only a meagre 7% do.
Jia Wen added, “It is clear from our findings that internet users in Malaysia desire to get better at managing their digital health. The challenge, however, lies in the gap between knowledge and action, and key to plugging this gap is access to tools that can adequately equip people with both security and convenience. That’s why we focus on providing easy to use tools to help people take charge of their online safety, and we strongly encourage everyone to take full advantage of them especially in this year-end season, where the need to safeguard against holiday hacking is more crucial than ever before.”
As the anticipated rate of cybercrime climbs with soaring year-end shopping, maintaining good password hygiene is crucial. The good news is, there are freely available tools to help internet users do just that and Google urges people to take a moment to strengthen their online security with these three simple tips:
Cultivate security consciousness, build better passwords
Recycling digital passwords is like using the same key to lock your home, car and office - if someone gains access to one, all of them could be compromised. The same holds true for weak passwords.
A unique and robust password for each account can help to reduce this risk. Make sure that each password is hard to guess and better yet, at least eight characters long. To make this easier, consider using a password manager to help create stronger passwords, safeguard them and keep track of all of them.
For instance, the Password Checkup, found in Google’s Password Manager, helps check the strength and security of all saved passwords. It tells users if any of them have been compromised (for example, in a third-party breach), and provides an overview of how users are reusing their passwords across various sites. More importantly, it identifies weaker passwords that leave accounts vulnerable and offers actionable recommendations.
Turn on two-factor authentication
Setting up two-factor authentication (2FA) - also known as 2-Step Verification - significantly decreases the chances of someone gaining unauthorised access to an individual’s account. For the majority, Google’s automatic sign-in protections are more than enough, but everyone should know that 2FA is an additional form of verification - an added layer of security.
2FA requires users to take a second step each time they sign into their account, on top of their username and password. Examples of second verification steps include: an SMS text message, a six-digit code generated by an app, a prompt that you receive on a trusted device or the use of a physical security key.
Take a step further and complete the Google Security Checkup
Taking the Security Checkup can help everyone stay safer online. Google’s Security Checkup is a step-by-step tool that users can use frequently to strengthen the security of their Google Account, and it takes approximately two minutes to complete. It provides users with personalised and actionable security recommendations, guiding them to review connected devices, risky third-party sites and apps that have access to sensitive information, as well as 2FA options.