Serious data breaches experienced amidst poor password practices: Google

• Some 90% of respondents sharing, recycling, using guessable passwords
• Internet users have 25% more passwords now than before the pandemic. 

Despite almost three in five (57%) of Internet users in Malaysia experiencing a personal data breach or knowing someone who had, over 90% respondents surveyed admit to practising poor online habits, according to a new poll by Google.

These practices include sharing, recycling and using guessable passwords, a new digital responsibility study indicated, the search giant said in a statement.

Commissioned by Google and conducted by market research agency YouGov in September to draw attention to the repercussions of poor password health, the study polled over 13,000 respondents aged over 18 across 11 markets in Asia Pacific.

The markets surveyed include Hong Kong, Japan, Korea, India, Indonesia, Malaysia, Philippines, Singapore, Taiwan, Thailand and Vietnam.

The study calls for Internet users to ditch bad digital habits, particularly amidst predictions of a 20% increase in e-commerce sales in the fourth quarter.

Password reuse, recycling 

The e-commerce boom heralded by Covid-19 has been significant. Online activity grew so much that the average internet user today has 25% more passwords than they did before the pandemic, Google said.

Against this backdrop, the Google study found that 80% of respondents in Malaysia use the same passwords for multiple sites, with two in five (45%) admitting to recycling passwords for up to ten unique sites.

Amongst these recyclers, 40% say they do so in fear of forgetting new passwords, while 41% say it is simply convenient to use the same ones.

A worrying 51% of local respondents also confessed to using guessable passwords, spanning the most easily crackable combinations from significant dates and significant others to pet names and even postal codes, the survey noted.

Worse still, one in four (25%) admit to saving their passwords in the ‘Notes’ app of their mobile phones, most of which are not encrypted by default, it noted.

And therein lies another problem: password recyclers are almost twice as likely (13% vs 7%) to have their financial data stolen online, Google claimed.

Google also noted that passwords are being shared a lot. 

The poll found that almost three in five (57%) of respondents have no qualms about passing passwords around to friends or family.

The same respondents also share passwords with streaming platforms, food delivery services, and even e-commerce sites for shopping, even though only a mere 7% of them actively use a password manager, Google said.

In terms of online transactions, three in five (60%) people admit to making purchases on pages without the secure symbol, creating the perfect opportunity for fraudsters to steal details and make respondents their personal santa, it said.

Notable too is that 70% of respondents who save financial information online also share passwords with friends and family, putting themselves at greater risk of a personal data breach with passwords used across multiple devices, it added.

The sum of these bad habits may have resulted in 57% of respondents in Malaysia experiencing a data breach or knowing someone who has, Google claimed.

Chuah Jia Wen, industry head of retail at Google Malaysia said, “We know from past research that people who have had their data exposed by a breach are 10 times more likely to be hijacked.

“When we share, recycle and use guessable passwords we put our personal information,including payment data at exponential risk.” 

Hope for healthier habits

Amidst the doom and gloom, a silver lining emerges from the expressed intention of respondents who aspire to be more digitally responsible, Google noted.

On the way forward, 64% of respondents say that they are likely to adopt two-factor authentication (2FA), even if it is not mandatory.

Four in five (80%) respondents also say that in the face of a potential data breach, they will choose to change their password immediately.

Interestingly, 33% of those who would not change their passwords immediately are believed to be acting out of caution, citing that the breach notification could well be a scam on its own, the survey noted.

Continuing on this positive note, two in five (40%) say that they are likely to use a password manager, though at present, only a meager 7% do, it added.

“It is clear from our findings that Internet users in Malaysia desire to get better at managing their digital health.

“The challenge, however, lies in the gap between knowledge and action, and key to plugging this gap is access to tools that can adequately equip people with both security and convenience,” said Chuah.

Chuah said this is why Google focuses on providing easy to use tools to help people take charge of their online safety, and it strongly encourages everyone to take full advantage of them.

This is especially so in this year-end season, where the need to safeguard against holiday hacking is more crucial than ever before, he added.

Quick Tips

There are freely available tools to help Internet users do just that and Google urged people to take a moment to strengthen their online security with these three simple tips:

1. Cultivate security consciousness, build better passwords. Recycling digital passwords is like using the same key to lock your home, car and office - if someone gains access to one, all of them could be compromised.  The same holds true for weak passwords. 
2. A unique and robust password for each account can help to reduce this risk. Make sure that each password is hard to guess and better yet, at least eight characters long. To make this easier, consider using a password manager to help create stronger passwords, safeguard them and keep track of all of them. 
3. Setting up two-factor authentication (2FA) - also known as 2-step verification significantly decreases the chances of someone gaining unauthorised access to an individual’s account. For the majority, Google’s automatic sign-in protections are more than enough, but everyone should know that 2FA is an additional form of verification - an added layer of security. 
4. Take up Google’s Security Checkup, which is a step by step tool that users can use frequently to strengthen the security of their Google Account and provides users with personalised and actionable security recommendations. This guides users to review connected devices, risky third-party sites and apps that have access to sensitive information, as well as 2FA options. 

Find more online security tips like these by visiting Google’s Safety Center, or visit your Google Account to find all the settings and tools mentioned in this release.