Last updated on September 29, 2015
Last week, while this blog was scaring you with tales of hackers-for-hire, the Google folks were presenting some interesting security practices research [pdf] at the Symposium on Usable Privacy and Security (SOUPS) in Ottawa, Canada. The researchers conducted a survey of 231 security “experts,” defined as someone who had at least five years experience working in or studying computer security, and 294 non-experts recruited through Amazon’s Mechanical Turk. There were some very clear differences between the responses of the experts and the non-experts.
- What amateurs can learn from security pros about staying safe online (Ars Technica | Dan Goodin) “A survey found stark discrepancies in the ways the two groups reported keeping themselves secure. Non security experts listed the top security practice as using antivirus software, followed by using strong passwords, changing passwords frequently, visiting only known websites, and not sharing personal information. Security experts, by contrast, listed the top practice as installing software updates, followed by using unique passwords, using two-factor authentication, choosing strong passwords, and using a password manager.”
- New research: Comparing how security experts and non-experts stay safe online (Google Online Security Blog | Iulia Ion, Rob Reeder, and Sunny Consolvo) “More broadly, our findings highlight fundamental misunderstandings about basic online security practices. Software updates, for example, are the seatbelts of online security; they make you safer, period. And yet, many non-experts not only overlook these as a best practice, but also mistakenly worry that software updates are a security risk.”
- Trying to keep your data safe? You’re probably doing it wrong (NPR All Tech Considered | Aarti Shahani) “There’s a similarly stark gap when it comes to antivirus — the software that has long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Forty-two percent of the non-experts surveyed say products like McAfee and Norton are key. But among the experts like [Gerhard] Eschelbeck [Google Vice President for Security Engineering], just 7 percent agree. ‘Antivirus has absolutely its place. But it’s not like the only one solution that people can and should rely upon,’ Eschelbeck says.”
- Online security: How the experts keep safe (InformationWeek | Thomas Claburn) “A third point of differentiation between security experts and non-experts is the use of two-factor authentication. Eighty-nine percent of security experts polled said they used two-factor authentication, compared to 69% of non-experts. Some 12% of non-experts said they didn’t know whether they use two-factor authentication – which probably means they don’t.”
Articles from Ohio Web Library:
- Multi-factor authentication—It’s not just buying another lock. (Computers in Libraries, Nov. 2014, p.26-27 | Jessamyn West)
- Personal online security. (Online Searcher, May/June 2015, p.38-43 | Edward Vawter)
- Passwords and the evolution of imperfect authentication. (Communications of the ACM, July 2015, p.78-87 | Joseph Bonneau, Cormac Herley, Paul C. Van Oorschot, and Frank Stajano)
