SoylentNews is people

posted by janrinok on Tuesday July 28 2015, @09:22PM
from the won't-change-the-users dept.

With the non-stop stream of zero-day exploits, website breaches, and criminal hacking enterprises, it's not always easy to know how best to stay safe online. New research from Google highlights three of the most overlooked security practices among security amateurs—installing security updates promptly, using a password manager, and employing two-factor authentication.

The practices are distilled from a comparison of security practices followed by expert and non-expert computer users. A survey found stark discrepancies in the ways the two groups reported keeping themselves secure. Non-security experts listed the top security practice as using anti-virus software, followed by using strong passwords, changing passwords frequently, visiting only known websites, and not sharing personal information. Security experts, by contrast, listed the top practice as installing software updates, followed by using unique passwords, using two-factor authentication, choosing strong passwords, and using a password manager.

"Our results show that experts and non-experts follow different practices to protect their security online," the researchers wrote in a research paper [PDF] being presented at this week's Symposium On Usable Privacy and Security. "The experts' practices are rated as good advice by experts, while those employed by non-experts received mix[ed] ratings from experts. Some non-expert practices were considered 'good' by experts (e.g., install anti-virus software, use strong passwords); others were not (e.g. delete cookies, visit only known websites.)"

  • (Score: 1, Informative) by Anonymous Coward on Tuesday July 28 2015, @10:33PM (#215088)

    > none of the good or bad methods of security have any meaning.

    Secure is not a binary state. For every new uber exploit of the day, there are hundreds of former uber exploits for which countermeasures have been developed and deployed but are still in widespread use. If you run a public-facing webserver you've seen botnets in your logs trying exploits from 5-10 years ago just hoping to find that 1 in 10,000 webserver that hasn't been patched yet.

    > the whole new Android MMS revelation for example

    It is impossible to target all vulnerable Android handsets in a reasonable amount of time. The patch for that exploit will be widely deployed before most people encounter someone using it. There will be an unlucky few for which the patch does not come soon enough, but most will be OK.
