A study conducted on 500 people across all age demographics revealed that nearly a fifth of millennials store payment card PINs on their smartphones, tablets and laptops, compared just 10 percent of respondents across all age groups.
Scott Laliberte, managing director and global leader for technical security assessments at Protiviti, told SCMagazine.com via emailed comments that the findings aren’t surprising because the younger generation seems to have “an inherent trust of their mobile devices.”
Men across all age groups were also more inclined to practice bad cyber hygiene, according to the findings.
The study found men were twice as likely as women to store both their PIN, 21 percent compared to 11 percent, and their passwords, 14 percent compared to seven percent, on their devices.
Across all ages, 16 percent of respondents stored passwords on their devices, 10 percent stored bank account numbers and sort codes, and another 10 percent stored PIN numbers.
Six percent of respondents even said they stored the answers to their security questions for online accounts on their devices.
Despite the various methods of securing a device itself, sensitive information stored on a mobile device is never completely safe because locking it only limits physical device unless there is encryption employed in conjunction to the lock, Laliberte said.
“There is still a risk of someone obtaining access to the phone with the credentials of the authorized user or via programs that are authorized to access the data,” he said giving the example of an application that is granted access to contact info, photos and the like.
Laliberte said a better alternative would be to consider using password vault utilities and utilizing pass phrases.
“It is also important to never assume that your device is 100 percent secure, and to follow common security practices such as strong passcodes, remote wipe capability and encryption,” he said. “Third party vaulting and encryption tools (as long as they don’t have a vulnerability down the road) are two considerations for storing sensitive information on personal devices.”