In advance of today's Safe Internet Day, Google surveyed a pool of 3,000 consumers to understand people’s beliefs and current behaviors around online security. According to the new Harris Poll data, two in three people recycle the same password across multiple accounts.
Of all the participants, who were aged 16 and older, 51% admitted that they use one particular "favorite" password for the majority of their accounts. In addition, a third of respondents (31%) said they either don’t know whether they are using two-factor authentication (2FA) or or intentionally choose not to use it.
Still, a whopping 69% of respondents gave themselves an A or B grade for their ability to protect their online accounts. Indeed, 59% said they are better than the average person at keeping their accounts safe from cyber-threats.
While 79% of participants understand that updating security software is a key part of staying safe online, only 67% said they regularly update (or know if they update) their applications.
When asked to define phishing, password manager and two-step verification, only 32% of respondents correctly defined all three terms.
Only 24% of survey respondents said they use a password manager, with those who are older than 50 being less likely to use a password management tool, though the 50-plus group is more likely to use a different password for each account. Those respondents ages 16-24, however, are more likely to use 2FA but are less likely to have changed their passwords within the past year.
In a blog post advising users of what they can do right now to improve online safety, Google wrote, “Create a unique password for each account to eliminate this risk. Make sure that each password is hard to guess and better yet, at least eight characters long.”
Google also recommended setting up 2FA, which “requires you to take a second step each time you sign in to your account on top of your username and password. Examples of second verification steps include: an SMS text message, a six-digit code generated by an app, a prompt that you receive on a trusted device or the use of a physical security key.”