“...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices
Venue
Proceedings of the Eleventh Symposium On Usable Privacy and Security, USENIX (2015), pp. 327-346
Publication Year
2015
Authors
Iulia Ion, Rob Reeder, Sunny Consolvo
Abstract
The state of advice given to people today on how to stay safe online has plenty of
room for improvement. Too many things are asked of them, which may be unrealistic,
time consuming, or not really worth the effort. To improve the security advice, our
community must find out what practices people use and what recommendations, if
messaged well, are likely to bring the highest benefit while being realistic to ask
of people. In this paper, we present the results of a study which aims to identify
which practices people follow that they consider most important for protecting their
security online. We compare self-reported security practices of non-experts to
those of security experts (i.e., participants who reported having five or more
years of experience working in computer security). We report on the results of two
online surveys—one with 231 security experts and one with 294 MTurk participants—on
what the practices and attitudes of each group are. Our findings show a discrepancy
between the security practices that experts and non-experts report taking. For
instance, while experts most frequently report installing software updates, using
two-factor authentication and using a password manager to stay safe online,
non-experts report using antivirus software, visiting only known websites, and
changing passwords frequently.
