When security experts head online, how does their behavior differ from that of non-experts?
According to a new research paper from a group of Google research scientists and engineers (itself based on two surveys with security experts and non-expert Web surfers), security experts place immense importance on installing software updates, using unique (and strong) passwords and two-factor authentication, and relying on a password manager to keep their various accounts locked down and orderly.
The non-experts, meanwhile, rated antivirus software as their top online security practice, followed by the use of strong passwords (and changing those passwords frequently), only visiting websites they know, and not sharing personal information.
“Only 24% of non-experts reported using password managers for at least some of their accounts, compared to 73% of experts,” Google’s researchers wrote in a July 23 blog posting. “Our findings suggested this was due to lack of education about the benefits of password managers and/or a perceived lack of trust in these programs.”
A majority of non-experts also didn’t fully grasp the importance of keeping software up to date. “Experts recognize the benefits of updates—‘Patch, patch, patch,’ said one expert—while non-experts not only aren’t clear on them, but are concerned about the potential risks of software updates.” While experts acknowledged that antivirus software has its benefits, many expressed concern that such programs could give users a false sense of security “since it’s not a bulletproof solution.”
For those interested in online security (and attitudes towards it), the research paper (PDF) is worth checking out.