Recent Survey Shows Lack of Cybersecurity Knowledge

Back to News & Insights

A recent survey from Pew Research showed that respondents don't know how to identify 2-factor authentication.

How much do people know about cybersecurity? The answer may unnerve you. The Pew Research Center designed a 13-question survey that touches on several facets of cybersecurity, from ransomware to phishing attacks. The results showed that the average score was 5.5 correct out of 13 questions.

Digging into the results

A majority of respondents could positively identify a strong password and knew what components could lead to a phishing attack. The strongest password listed included a random selection of numbers and letters. Despite this awareness, many users continue to rely on a handful of easily-guessed passwords. Keeper, a password management software, found that at least 50 percent of users rely on the 25 most common passwords – with 17 percent of them relying on ‘123456’ to protect their personal information.

While 54 percent of internet users responded that they are able to identify examples of phishing attack, only 40 percent are aware that ISPs can still see the sites they visit, according to Pew Reasearch. In light of the recent legislation passed by the federal administration to allow ISPs to not only see but sell users’ data, this awareness is key.

However, respondents fell short with their knowledge of two-step verification. Only 10 percent of online adults were able to correctly identify the example of two-factor authentication when presented with four different image. This demonstrates an alarmingly large gap in adults’ cybersecurity knowledge.

What is two-step verification?

Some companies may use the terms two-step verification (or authentication) and multi-factor authentication. CNET noted that multi-factor authentication could require consumers to give two pieces of information – like entering your username or password for your bank account – and you will receive a follow-up text message with a one-time code to verify it’s really you. While it may frustrate you, this extra step can deter criminals who are eager to steal your personal information.

More online services now offer two-factor verification to protect customer data – but Wired noted that text message verification may be a mistake.

“It’s depending on your mobile phone as a means of authentication [in a way] that can be socially engineered out of your control,” forensics expert Jonathan Zdziarski explained to Wired.

He raises a valid argument: Social engineering is often at the heart of successful phishing or smishing attacks. Hackers can use malicious links within a text message that can infect a mobile device and intercept sensitive information.

In addition, determined hackers can redirect verification codes to different SIM cards to gain access to your personal accounts. These codes expire within a few minutes of being sent, but that could be enough time for criminals to get access to personal information.

Alternative means of authentication

Google offers an alternative solution to text message authentication, according to Wired. Google Prompt can send a question to your phone, which you can answer much the way you would when logging in online. This can reduce the risks of smishing attacks – but it’s critical to not lose your phone for this authentication process to work.

Wired noted other methods – albeit, more time-consuming ones – that are available to consumers. Until they become more commonplace, users will need to stay vigilant with monitoring their mobile devices.

When you’re taking the proactive approach to protecting your identity, it’s beneficial to have a second set of eyes. That’s where Identity Guard can lend a hand. We focus on helping individuals protect their identity. You can choose from a range of services, including credit reporting and a personal protection plan – all designed to fit in with your needs and lifestyle.

1 "2018 Identity Fraud: Fraud Enters a New Era of Complexity," Javelin Strategy & Research, 2018
2 ath Power Consulting, February 2018
3 "2017 Child Identity Fraud Study," Javelin Strategy and Research, 2017
** Identity Theft Insurance underwritten by insurance company subsidiaries or affiliates of American International Group‚ Inc. The description herein is a summary and intended for informational purposes only and does not include all terms‚ conditions and exclusions of the policies described. Please refer to the actual policies for terms‚ conditions‚ and exclusions of coverage. Coverage may not be available in all jurisdictions.
If you do not cancel your membership within the free trial period, your card will be charged either a monthly or annual fee, depending on the membership plan you choose. You may cancel your membership anytime simply by contacting us.
No one can prevent all identity theft.