Many of us are sharing increasing amounts of personal information through online social media sites, including Facebook, Twitter, LinkedIn and others. However, according to Charlott Lorentzen, Markus Fiedler and Henric Johnson of the Blekinge Institute of Technology, School of Computing, in Karlskrona, Sweden, many of us are side-stepping apparently laborious security measures and putting our data at risk of being hijacked and used in identity theft and other fraud.
Writing in the International Journal of Communication Networks and Distributed Systems, the Swedish team points out that there are also more subtle risks associated with the carefree sharing of personal information, such as compromising situations potentially arising in both our private and professional lives should our data or the site on which it is hosted be accessed by malicious third parties.
At the forefront of the problem is the issue of using secure passwords. While no password can ever be 100 percent secure, annual surveys reveal that far too many users rely on simplistic names, dates, anniversaries and even plain dictionary words, like “password”, and strings of numbers such as “123456” as their passwords because they are easier to remember. This, of course, provides a false sense of security on sites where a simple brute-force attack on logins would quickly and easily expose the weakness in such passwords.
The Swedish team has surveyed teenage users of social media sites, the so-called digital natives born after the initial emergence into the mainstream of the internet, mobile computing and social media sites. They surveyed two groups: teenagers at a secondary school, whose password use they compared with that of staff members at a technology institute. They also asked the teenagers about their perception of online safety and risk. The passwords and attitudes of 67 male and 70 female teenagers were analysed, and the data were correlated with whether the students were studying commerce, hotel and restaurant, natural science, or technology.
The team found that students on more technically oriented courses tended to have more sophisticated passwords, as one might expect, but few students used the same password for their Facebook and email accounts, which is a promising development compared with earlier surveys that showed many students used the same password on all systems. Previous surveys showed 75% of users duplicated passwords, whereas the Swedish results suggest this is now about 40%. For staff at the Institute, duplication was 17%. “The order of magnitudes of all figures may suggest that many users do not prioritise their personal security on Facebook, and that more awareness would be needed to improve this situation,” the team says.
“Our results indicate that bad password strategies may be ‘taught away’, or that there would be a point in having good password strategies and online safety taught in primary or secondary school to increase security awareness,” the team concludes.
“On user perception of safety in online social networks” in Int. J. Communication Networks and Distributed Systems, 2013, 11, 77-91