A quarter of British internet users have had their account details for websites, social networks and email services compromised, sparking fears that current web security can no longer be trusted.

Cyber security
A quarter of Britons have had online accounts compromised, as trust in web security weakens. (Reuters)

A survey, commissioned by web security firm CertiVox, found that 26% of its 2,012 respondents no longer trust the current security systems which rely solely on a username and password, while a further 14% are unsure whether to trust them or not.

Of the compromised accounts, 25% were related to Microsoft's Hotmail service, 21% involved Facebook and 11% involved Yahoo.

A quarter of respondents said they would terminate a service immediately if their account was compromised or their data stolen, while 16% said they would look for an alternative service and move away if a suitable replacement was found.

Over a third (37%) of respondents said they would reset their password and carry on using the service as normal if their account was compromised, and because many consumers use the same username and password for several online services, once one account is compromised many more can also be under threat.


Current web security is least trusted by those aged between 55 and 64, with 30% of respondents in this group saying they do not trust websites which rely only on a username and password.

Surprisingly, respondents in the tech-savvy age groups of 18-24 and 25-34 were the most likely to have had their accounts compromised, at 30% and 31% of recipients respectively.

By comparison, just 18% of respondents aged 65+ said they had encountered security problems online. Female consumers are more likely to have their accounts compromised, at 26% of respondents, compared to 22% for males.

Two-step authentication

Earlier this month, a trove of two million stolen passwords for Facebook, Twitter, email and other online services was discovered by security researchers.

Unearthed by Trustwave and detailed on its blog, the collection of stolen data contains 1.5 million website login credentials for sites like Facebook, 320,000 email account credentials, and 3,000 remote desktop login details, among others.

Although Facebook, Twitter and others offer two-step authentication, whereby the system requires the account holder to verify any login attempt made by a computer or mobile device not previously used by them, this is not yet mandatory.

The survey found that 47% of consumers welcome extra levels of security, but a further 43% claim they are "a pain at times".

It is up to the user to choose a password that is suitably secure, but if they are caught out by a phishing scam or malware and unwittingly hand over their password, its length and complexity is irrelevant.

A move away from usernames and passwords

Commenting on the findings, Brian Spector, CEO of web security firm CertiVox, said: "This research shows that despite the rush of Christmas shopping online, many consumers are wary and believe that the username and password authentication system is not secure enough to protect their data."

Spector added: "It is amazing that there hasn't been a whole-scale move away from usernames and passwords."