The National Cyber Security Alliance (NCSA), along with partner PayPal released the 2013 edition of their National Online Safety Study, which examines the cyber security behaviors and perceptions of Americans as well as their mobile device usage habits.
The study, conducted by JZ Analytics, surveyed some 1,100 adults nationwide September 17-18. The 25-item questionnaire covered a range of concerns related to use and access of the Internet. The following are some highlights worth noting:
On the basis of password-reset prompts, a majority of survey respondents indicated that they had either been prompted to change their password “sometime in the past 6 months” (21.9%), in the past month (20%), or have never been prompted at all (18.9%). With the password coming under increased scrutiny seemingly by the day, resetting and changing passwords is a necessary function should the password remain an effective means of security.
Another item implored respondents to indicate their device of choice when accessing the Internet – desktop, laptop, smart phone, tablet – with a final option available for those who had only used a desktop or laptop to access the web. Interestingly enough, despite the overwhelming popularity of their mobile counterparts, the desktop was the most preferred device for Internet use at 35.7%. It’s reasonable to believe that this figure will shift to the mobile device as time progresses, making secure online identity all the more vital.
To further characterize the dichotomy between mobile and desktop surfing, survey respondents were asked to indicate, on a scale from “much more” to “same” to “much less,” if they were more or less cautious when surfing the web on their smart phone as opposed to their desktop. While the most common answer was “about the same,” a significant portion of respondents (20.5%) reported being “much more” cautious when surfing the web on their mobile device.
To accompany this finding, the 38.3% of respondents reported being “very concerned” that data on their mobile device would be compromised if the phone were lost or stolen, with an additional 29.2% being “somewhat concerned.” These figures begin to take on new meaning when considering the increasing popularity of online shopping.
When asked about shopping tendencies in a given week, respondents indicated that 51.8% of their weekly shopping took place online using a credit or debit card. Additionally, respondents indicated that 41.3% of their weekly shopping occurred online using a laptop or desktop.
To cast the security of online shopping into further doubt, respondents were asked to rank the security levels of various payment methods – cash, credit/debit in person, smartphone in store, smartphone online, tablet online and PC/laptop online. Of the various options, respondents believed that both smartphone online and in store along with online tablet purchases to be the least secure methods of shopping.
To better put this in perspective, however, respondents were asked how many daily transactions – banking, shopping, coffee, etc. – they conduct using their smartphone, with an overwhelming 71.5% reporting zero mobile transactions.
Whether the lack of mobile transactions is truly representative of public opinion, or just a case of too much too soon, respondents were asked to indicate which security features, if any, would make them feel more secure when conducting mobile transactions. The responses were as follows:
- Strong password protection- 29.9%
- Buyer protection- 25.1%
- Phone tracking- 16%
- Remote deactivation- 21.7%
- Anti-virus or security software- 30%
- Two-factor authentication- 22.3%
- Facial recognition- 17.1%
- Biometrics identification- 18.7%
- None/nothing- 24.4%
- Not sure- 24.2%
The survey also discusses the role of biometrics in securing online identity by asking respondents to rate the most popular biometric modalities based on their comfort in using the technology to conduct mobile transactions. The modalities in question – fingerprint, retinal scan, photo ID, automated facial recognition and hand gesture recognition – were evaluated on a comfort scale ranging from ‘not at all’ to ‘extremely’ comfortable.
While hand gesture biometrics were elicited the least comfort amongst respondents (23.4% were not at all comfortable), fingerprints and retinal scans were found to be the most comfortable modalities for use in mobile transactions at 30.3% and 26.7% respectively.
While the results of this study suggest a need for more secure online identity, the need to do away with passwords and PINs is even more evident. The number of PINs that we each maintain grows seemingly by the day, and when asked how many PINs or passwords they currently maintain, respondents indicated the following:
- None- 8.1%
- 1- 8.7%
- 2- 6.4%
- 3- 11.9%
- 4- 9.5%
- 5- 5.1%
- 6 or more- 31.5%
- Not sure- 18.8%
These results are troubling, and only further support the elimination of passwords and PINs altogether. Our world becomes more mobile by the day, and with any hope, the statistics in this survey will both serve to move the mainstream public in a positive direction toward more secure online identity and awaken us to the weaknesses of our current security measures.