How often do you change passwords on all of your accounts? Or, are all of your passwords simply "password" or "123"?
Like most of us, you probably don't change passwords very often or make them very challenging because you're afraid you'll forget them. As a result, we leave ourselves vulnerable to identity theft – yet we expect businesses to provide airtight security without inconvenience.
The 2018 Global Fraud and Identity Report from the credit reporting agency Experian assesses the balance between security and convenience for businesses and consumers. The report shows a clear discrepancy between our security expectations for businesses and our own security practices.
Over half of businesses (52%) still rely on passwords as the primary authentication method. Businesses may believe that consumers prefer the simplicity of password protection, but the Experian report finds that passwords aren't as simple or convenient as businesses think.
One-quarter of survey respondents had forgotten a username or password within the last six months – one of the top three barriers reported with online banking, along with being locked out for too many incorrect password attempts. (The other top barrier was the use of secret/personal questions as identifiers.)
Consumers compensate by using simplistic passwords and never changing them. Fewer than 1 in 5 respondents (19%) change their password at the recommended time, while 37% of respondents change their password less than once a year.
With so many customer accounts compromised, businesses are rightfully concerned about fraud, with 54% being only "somewhat confident" they can detect it. As a result, businesses err on the side of suspicion and fraud detection compared to trust and permission (71% to 29%).
Almost two-thirds of consumers (66%) appreciate security protocols with online transactions because of the sense of protection. Meanwhile, three-quarters of businesses want advanced authentication/security methods that don't impact the customer's experience.
Correctly identifying the customer (and denying fraudulent access) is vital. According to the report, 84% of businesses believe that fraud mitigation burdens would be reduced if they were certain about a customer's identity.
The key to progress is trust on both sides. Consumers want instant transaction confirmation, simple methods for reporting lost or stolen cards, and the ability to retrieve and download their transaction history. They don't like having to put in information for recognition, periodically forced password changes, and sites that remember and pre-fill your information.
These goals conflict with current business preferences. It will take time for businesses to trust and adopt newer security measures, as they fear glitches and negative customer feedback.
In the meantime, hold up your end of the security bargain by using strong passwords and changing them frequently. To help you remember, try a simple word and insert a symbol between every other letter, changing the symbol every so often. If you're still concerned about forgetting, write your passwords somewhere in a secure location or use a password management program like Keeper or Dashlane.
Type in passwords every time you access your accounts. Don't take the easy way out by allowing your computer to remember all passwords. That's just another point for identity thieves to access.
For the best security, use two-factor authentication when it's available. Two-factor authentication requires a confirming code to be sent via e-mail or text and entered before you can access the account.
You won't be forgiving of any business data breach that exposes your account information and passwords. Will you be any more forgiving of yourself if poor password management burns you?
If you would like to prevent identity theft, join MoneyTips and check out our free Identity Protector tool.