Even baby boomers over share online
November 22, 2013

Born into a world dominated by technology, millennials are quick to adopt the latest trends such as social media. Services like Twitter, Instagram, Youtube and Facebook have let them share their personal lives to a degree impossible a mere decade ago. For security-minded individuals, the amount of information the generations freely offers up may seem like a nightmare. 

However, millennials are not the only demographic that over shares. According to a recent study from McAfee, baby boomers also fail to follow the best practices for identity management. Much like their younger relatives, they let slip personal details online. This opens the door to fraud, identity theft and breaches to their accounts and lives. With 80 percent of respondents signed onto social networks and most spending 5 hours online per day, they routinely run the chance of exposing themselves to hackers and fraudsters. 

Based on the study, more than half of baby boomers provide strangers with sensitive information. The generation is more guarded with some details than others, but even seemingly innocent sharing can be risky when an unknown party discovers someone's place of birth or mother's maiden name. These are typically the answers to security questions, and letting these details slip could take away what little protection passwords provide. 

According to McAfee's study, 27 percent of respondents share their mobile phone numbers, 26 percent do the same with their home address and 12 percent will even tell strangers about their financial information. One out of three fail to password protect their smartphones and tablets, while nearly half haven't updated the security software on their mobile devices. Any one of these problems constitutes a risk to baby boomers' online identities, but taken on the whole and the generation may arguably be more at risk than younger people. 

Don't try to change how people work
McAfee suggested that baby boomers frequently change their passwords, but this isn't the most reliable advice. Most people know that they should use complex passwords that differ from one account to the next, and that routinely picking a new one can thwart hackers from breaking into an account. However, just because people know what they should do doesn't mean that they will do it. Even if the habits of most people can be changed, some will always opt for convenience over protection, figuring either that they won't be affected or that the consequences won't be as bad as some suggest. 

While altering the routines of every user may be difficult if not impossible, transforming the way that security is approached is a much simpler prospect. Safeguards should address the fact that some users will not use a PIN, and if forced to, they will use a simple one like 1234. Protection efforts should also account for people over sharing information online. No protective measure can avoid this, short of ignoring personal data altogether. 

Solutions that rely on user habits will generally be much more effective at preventing fraud. Two-factor authentication that relies on someone's smartphone for verification plays into this concept. Similarly, most people are more protective of their financial information and banks are also concerned about the online safety of their members. Credentials that rely on these institutions logins could improve security effectiveness in a way that requiring a PIN never could. 

Rising trends in bring your own credentials (BYOC) and multi-factor authentication could create a safer online environment without intruding into people's online lives. Trying to change risky behavior isn't likely to be effective; instead organizations should focus on reducing how risky that behavior is.