What amateurs can learn from security pros about staying safe online

With the non-stop stream of zero-day exploits, website breaches, and criminal hacking enterprises, it's not always easy to know how best to stay safe online. New research from Google highlights three of the most overlooked security practices among security amateurs—installing security updates promptly, using a password manager, and employing two-factor authentication.

The practices are distilled from a comparison of security practices followed by expert and non-expert computer users. A survey found stark discrepancies in the ways the two groups reported keeping themselves secure. Non security experts listed the top security practice as using antivirus software, followed by using strong passwords, changing passwords frequently, visiting only known websites, and not sharing personal information. Security experts, by contrast listed the top practice as installing software updates, followed by using unique passwords, using two-factor authentication, choosing strong passwords, and using a password manager.

"Our results show that experts and non-experts follow different practices to protect their security online," the researchers wrote in a research paper being presented at this week's Symposium On Usable Privacy and Security. "The experts' practices are rated as good advice by experts, while those employed by non-experts received mix[xed] ratings from experts. Some non-expert practices were considered 'good' by experts (e.g., install antivirus software, use strong passwords); other were not (e.g. delete cookies visit only known websites.)"

Read 3 remaining paragraphs | Comments