Two new surveys, one of security experts and the other of web users, all in the U.S., focused on the same question: What do you do to stay safe online? Google™, which conducted the surveys, wanted to compare and contrast responses from the two groups to better understand the differences and why they may exist.
The result, a new paper called “‘...no one can hack my mind’: Comparing Expert and Non-Expert Security Practices,” was released at the Symposium on Usable Privacy and Security in July. It reveals that careful password management is a priority for both groups, but that the groups differ in their approaches.
The top online security practices of the experts were:
1. Install software updates.
2. Use unique passwords.
3. Use two-factor authentication.
4. Use strong passwords.
5. Use a password manager.
The top online security practices of the security non-experts were:
1. Use antivirus software.
2. Use strong passwords.
3. Change passwords frequently.
4. Only visit websites they know.
5. Don’t share personal information.
The paper’s authors note that while the experts’ security practices generally matched the advice they would give non-tech-savvy users, there were a few exceptions. “Experts recommended not clicking on links or opening emails from unknown people, yet they reported to do so at a higher rate than non-experts reported,” note the authors. “Other security practices that non-experts considered very important, such as visiting only known websites, were not being followed by experts nor were they considered good security advice by experts.”
On the subject of passwords, there was common ground between the two groups surveyed. Seventy-three percent of security experts reported using password managers (services that store and protect all of a user’s passwords in one place) for at least some of their accounts, three times more frequently than non-experts, in part because they make it possible to have both strong and unique passwords. Only 24 percent of non-experts reported using password managers, a disparity that the paper’s authors attributed to a lack of education about the benefits of password managers and/or a perceived lack of trust in these programs. As one non-expert explained, “I try to remember my passwords because no one can hack my mind.”
The paper concluded that more work remains to be done on improving the limitations of security practices that are used by experts but not by non-experts. “Nevertheless, based on our findings, some promising security advice emerges: (1) install software updates, (2) use a password manager, and (3) use two-factor authentication for online accounts,” it notes.
For online merchants, keeping sensitive financial and personal data safe from fraud and identity thieves should be a top priority. The hosted payment button tool featured on Transaction Express®, the virtual terminal powered by TransFirst®, allows e-commerce merchants to create Pay Now buttons that let shoppers make purchases and pay bills securely.
As part of the seamless checkout experience, customers are automatically routed to a secure, TransFirst-hosted payment page featuring your company logo where they enter their payment data directly into our server. TransFirst handles all the back-end processing of your business payments, relieving you of the responsibility of receiving, storing and transmitting sensitive cardholder data.
Google is a trademark of Google Inc.