Singaporeans still too casual with online password security, survey shows

Between 50 per cent and 70 per cent of respondents either do not change their password or only do so when prompted by their different online accounts. PHOTO: REUTERS

SINGAPORE - When it comes to cyber security, Singaporeans appear to be creatures of habit and prefer to stick to the same old passwords.

While most indicated in a government survey that they have adopted the two-factor authentication (2FA) process, they appear casual with their passwords.

A public awareness survey by the Cyber Security Agency of Singapore (CSA) showed one in three respondents in 2017 continues to store their passwords in their computer; write them down; and use the same password for work and personal accounts.

Also, between 50 per cent and 70 per cent of respondents either do not change their password or only do so when prompted by their different online accounts including-cloud based services, and online shopping and social media accounts.

Some 60 per cent of Singaporeans even adopt the same habit when it comes to their iBanking accounts, marginally higher than in 2016 when it was 58 per cent.

The survey seeks to measure the public's awareness and adoption of cyber hygiene practices to better help in developing initiatives to bridge knowledge gaps, said the CSA. Data was collected from 2,035 respondents via an online survey.

The good news is that more people appear to be aware of 2FA and have also utilised the extra step to secure their accounts.

The survey showed a 6 percentage point drop in the number of respondents who are "not sure" of the authentication process, from 10 per cent in 2016.

And nearly eight in 10 respondents indicated that they had enabled 2FA for either some or all of their accounts, up from 66 per cent in 2016.

More respondents are also exercising caution when it comes to online transactions and app downloads.

Only two in 10 respondents proceeded with online transactions without first checking the authenticity of the websites, almost half of the number in 2016.

Fewer respondents are also connecting to open, non-password protected Wi-Fi networks in public places and only one in 10 respondents indicated that they had never scanned for viruses before opening or using downloaded files or external drives.

As for having their devices infected by viruses or malware, their financial or personal information extracted without their consent, and falling victim to a scam or fraud, seven in 10 Singaporeans indicated they were concerned.

But fewer than half think it will happen to them.

This despite Internet love scammers stealing over $22.1 million and 900 e-commerce scams causing losses of close to $700,000 in the first half of 2017, as reported in The Straits Times.

In order to encourage the adoption of good cyber security practices, CSA launched its second public awareness campaign, Cyber Tips 4 You, on April 23 (Monday).

The campaign will showcase a series of online videos, advertisements and posters, featuring local celebrities Suhaimi Yusof and Jae Liew. The two celebrities will provide simple cyber tips to viewers.

And on May 5 at Bedok Mall, visitors can get tips on how to create strong passwords, information on anti-virus software and how it works.

"Cyber threats show no sign of abating. While we will continue to provide cyber security understanding and know-how to the community, we must recognise that we all have a part to play to protect ourselves online and not fall prey to cyber criminals," said CSA's chief executive David Koh.

Correction note: An earlier version of this story said data was collected online from 2,305 respondents. It should be 2,035. We are sorry for the error.

Join ST's WhatsApp Channel and get the latest news and must-reads.