Online Trust Failing Overall

twitter writes "The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure. The BBC goes on to quote experts who back up the perception, ZDNet claims that action is being taken and is well."

lots of large scale compromises lately

[ArbitraryConstant]

While I'm somewhat surprised the average user pays attention to such things, I'm not surprised trust is failing in light of recent large scale compromises.

Until the industry as a whole adopts a strategy of preventing compromises, this is not going to improve. Most companies would rather pay a PR guy to fix their image after the fact than a security consultant to keep it from happening in the first place. That's certainly not how I want my information taken care of.

Quotes from the BBC article:

[TripMaster+Monkey]

Some [users] resort to using the same one for all their online accounts. Those who use several passwords often write them down and hide them in a desk or in a document on their computer.

Dear God, ain't this the truth??? I'm a network admin at a large company (please don't ask which), and the password situation here would be laughable if it weren't so sad. I ran LC5 on our hash file here, and was shocked and dismayed at the number of passwords cracked within 10 seconds. I'm constantly finding passwords on sticky notes on monitors and under keyboards, and many users haven't even bothered to change the default Lotus password ('password') to something else! >:(

Last year, a street survey found that more than 70% of people would reveal their password for a bar of chocolate.

That seems to be about the right figure for users in my company.