One of the easiest ways internet users can protect their accounts from hackers is two-step authentication, but a new survey found that most American internet users don’t even know what that is.
The survey, released today by the Pew Research Center, asked 1,055 American adults 13 questions about computer security. Most of the respondents answered more than half of the questions incorrectly. About 90% of the respondents were unable to identify what multi-factor (or two-step) authentication looks like, and about half were unable to identify a phishing email. In many cases, respondents didn’t even venture a guess, and instead indicated that they weren’t sure of the answer.
The results are particularly worrisome because two-step authentication is an important defense against fraudulent account access, and email phishing is one of the most common attacks hackers use to gain fraudulent access to accounts.
The first step in two-factor authentication is a login with a password. The second step requires a separate device, like a mobile phone, on which users can verify their identity via text message.
Phishing emails typically include a link or attachment that, if clicked, can install malicious software or trick a user into typing in their login credentials. A 2016 report by Verizon’s security division found that account credentials are the most common information extracted from phishing attacks. That report also found 30% of recipients of phishing emails in 2015 opened the fraudulent emails rather than deleting them, and 12% clicked on the malicious attachments or links they contained.
In the Pew survey, education was the demographic factor that stood out the most in determining correct answers. Those with at least a college degree, on average, answered seven questions correctly, and had a better chance of choosing the correct answer to 10 or more questions.
“Roughly one-quarter (27%) of those with college degrees answered 10 or more questions correctly,” according to Pew’s report, “compared with 9% of those who have attended but not graduated from college and just 4% of those with high school diplomas or less.”
Although younger respondents did better on average than older ones, age did not have a big effect on overall scores.
“On a number of these questions internet users age 65 and older are just as knowledgeable as those ages 18 to 29,” the report says. “For instance, older and younger users are equally likely to be able to identify a phishing attack, identify the most secure password from a list and know how many free credit reports Americans are entitled to by law. However, younger users score higher on certain questions – such as whether ‘private browsing’ mode prevents ISPs from tracking users’ online activities.”
Of the survey’s 1,055 respondents, only about 211 (20%) correctly answered more than eight questions, and only about 11 (1%) got every question right.