New report explains gulf between security experts and non-experts

Security experts and non security experts take very different attitudes to staying safe online, according to new research.

The outcome is perhaps unsurprising, but what's more interesting are the differences uncovered by a new survey from Google researchers. In a paper called, “...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices,” the researchers surveyed two groups, one with 231 security experts, and another with 294 web-users who aren’t security experts. Both were asked questions about what they do to stay safe online.

A key difference in approach was that while both groups thought password security was important, non-experts tended to rely on memorised passwords “I try to remember my passwords because no one can hack my mind,” said one non-expert. However, experts reported using password managers, for at least some of their accounts, three-times more frequently than non-experts.

As one expert said, “Password managers change the whole calculus because they make it possible to have both strong and unique passwords.” Overall, only 24% of non-experts reported using password managers for at least some of their accounts, compared to 73% of experts.

Software precautions displayed a similar disparity, with 35% of experts and only 2% of non-experts saying that installing software updates was one of their top security practices. A non-expert told the researchers: “I don’t know if updating software is always safe. What [if] you download malicious software?” and “Automatic software updates are not safe in my opinion, since it can be abused to update malicious content.”

The non-experts tended to place their trust in computer security solutions, with 42% of non-experts vs. only 7% of experts saying that running security software was one of the top three three things they do to stay safe online.

As noted by Information Week though, even the security experts in the report don't always follow their own advice. Around 38% of security experts bravely admitted to clicking on links in email messages from unknown senders, compared to just 12% of non-experts. So, when it comes to computer security, perhaps we can all learn something from eachother.