The document is a summary report of a study on consumer digital security concerns and practices. Some of the key findings include:
- 80% of consumers worry about online security and 45% are very or extremely concerned about their accounts being hacked.
- In the past year, 40% of consumers experienced a security incident like a data breach or hacked account.
- Consumers have little confidence in passwords and tend to reuse the same few passwords across many accounts, putting their security at high risk.
- While two-factor authentication provides stronger security, 61% of consumers have not enabled it due to lack of awareness, understanding, or companies not offering it.
- Consumers want help protecting
Adjusting Your Security Controls: It’s the New NormalPriyanka Aash
Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented then the controls didn’t change often. It’s time to adjust our thinking and recognize that on-going adjustment of controls may be a better indicator of cyber-maturity than adherence to any framework.
(Source: RSA USA 2016-San Francisco)
Better Security Through Big Data AnalyticsSymantec
Think Big Data Analytics can't help you with your security? Do these stats make you nervous?
Attackers Moving Faster, defenses are not; 5 out of 6 large companies attacked; a 40% increase over 2013
More than 317 million new pieces of malware created last year; 1 million new threats created daily
60% of all targeted attacks struck small- and medium-sized organizations
Retail Remains Hot Spot for Identities: 1 billion stolen in the last 2 years; 59% of all identities exposed in 2014 came from the retail sector
Top 5 zero-days left companies without a patch for 295 days
Digital extortion on the rise: 113% increase in ransomeware; 45 times more people had their devices held hostage by vicious crypto-ransomeware
Malware gets smarter -- 28% of all malware was “virtual machine aware “
2014 had an all-time high of 24 discovered zero-day vulnerabilities
This report solely belongs to Symantec. Credit is due to all original authors and no financial gain was made from the report, Simply sharing for educational purposes,
Security weekly september 28 october 4, 2021 Roen Branham
Watch the full episode on Youtube: https://youtu.be/Tl3pVMaCN60
Security weekly september 28 october 4, 2021
We review the Cyber Security news events that happened from September 28 - October 4, 2021.
Adjusting Your Security Controls: It’s the New NormalPriyanka Aash
Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented then the controls didn’t change often. It’s time to adjust our thinking and recognize that on-going adjustment of controls may be a better indicator of cyber-maturity than adherence to any framework.
(Source: RSA USA 2016-San Francisco)
Better Security Through Big Data AnalyticsSymantec
Think Big Data Analytics can't help you with your security? Do these stats make you nervous?
Attackers Moving Faster, defenses are not; 5 out of 6 large companies attacked; a 40% increase over 2013
More than 317 million new pieces of malware created last year; 1 million new threats created daily
60% of all targeted attacks struck small- and medium-sized organizations
Retail Remains Hot Spot for Identities: 1 billion stolen in the last 2 years; 59% of all identities exposed in 2014 came from the retail sector
Top 5 zero-days left companies without a patch for 295 days
Digital extortion on the rise: 113% increase in ransomeware; 45 times more people had their devices held hostage by vicious crypto-ransomeware
Malware gets smarter -- 28% of all malware was “virtual machine aware “
2014 had an all-time high of 24 discovered zero-day vulnerabilities
This report solely belongs to Symantec. Credit is due to all original authors and no financial gain was made from the report, Simply sharing for educational purposes,
Security weekly september 28 october 4, 2021 Roen Branham
Watch the full episode on Youtube: https://youtu.be/Tl3pVMaCN60
Security weekly september 28 october 4, 2021
We review the Cyber Security news events that happened from September 28 - October 4, 2021.
This Cyber Security Survey carried out by
Entersoft Security is a high level survey of
Hong Kong Fintech businesses as on
2018. The survey was carried out in July
2018 against the top HongKong based
Fintech’s in 2017 and early 2018. It helps
these Fintech organisations understand the
nature and significance of the cyber security
threats that they may face and what they
would need to do improve security.
The Best Online Security Service for
CIM – Central Management
Log Monitoring
Intrusion Detection Systems
Firewall Monitoring System
Host based IDSs
Vulnerability Scanning
Evidence Retention
CIM Intelligence
A must to see for all,......!!!
Symantec's Internet Security Threat Report for the Government SectorSymantec
Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 60,000 recorded vulnerabilities (spanning more than two decades) from over 19,000 vendors representing over 54,000 products.
Spam, phishing, and malware data is captured through a variety of sources including the Symantec Probe Network, a system of more than 5 million decoy accounts, Symantec.cloud, and a number of other Symantec security technologies. Skeptic, the Symantec.cloud proprietary heuristic technology, is able to detect new and sophisticated targeted threats before they reach customers’ networks. Over 8.4 billion email messages are processed each month and more than 1.7 billion web requests filtered each day across 14 data centers. Symantec also gathers phishing information through an extensive anti-fraud community of enterprises, security vendors, and more than 50 million consumers.
Symantec Trust Services provides 100 percent availability and processes over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day, which are used for obtaining the revocation status of X.509 digital certificates around the world. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their system effectively now and into the future.
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearBob Wall
Presentation at the 2016 Big Sky Developers' Conference.
Overview of the dismal state of security on the Web, some suggestions for better app development processes to mitigate problems.
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Symantec
Internet Security Threat Report 2014 :: Volume 19 :: Appendices
Hardcore data from Symantec’s Internet Security Threat Report.
Real number crunching on Threat Malicious Code, Fraud & Vulnerability trends including
Threat Activity Trends
• Malicious Activity by Source
• Malicious Web-Based Attack Prevalence
• Analysis of Malicious Web Activity by Attack Toolkits
• Analysis of Web-Based Spyware, Adware, and Potentially Unwanted Programs
• Analysis of Web Policy Risks from Inappropriate Use
• Analysis of Website Categories Exploited to Deliver Malicious Code
• Bot-Infected Computers
• Analysis of Mobile Threats
• Quantified Self – A Path to Self-Enlightenment or Just Another Security Nightmare?
• Data Breaches that could lead to Identity Theft
• Threat of the Insider
• Gaming Attacks
• The New Black Market
Malicious Code Trends
• Top Malicious Code Families
• Analysis of Malicious Code Activity by Geography, Industry Sector, and Company Size
• Propagation Mechanisms
• Email-Targeted Spear-Phishing Attacks Intelligence
Spam and Fraud Activity Trends
• Analysis of Spam Activity Trends
• Analysis of Spam Activity by Geography, Industry Sector, and Company Size
• Analysis of Spam Delivered by Botnets
• Significant Spam Tactics
• Analysis of Spam by Categorization
• Phishing Activity Trends
• Analysis of Phishing Activity by Geography, Industry Sector, and Company Size
• New Spam Trend: BGP Hijacking
Vulnerability Trends
• Total Number of Vulnerabilities
• Zero-Day Vulnerabilities
• Web Browser Vulnerabilities
• Web Browser Plug-in Vulnerabilities
• Web Attack Toolkits SCADA Vulnerabilities
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Slideshare that can be used as an educational training tool for employees to be aware of the risks of phishing attacks. This presentation covers the threat of phishing and what strategies can be done to mitigate phishing attacks.
PhishingBox is an online system for organizations to easily conduct simulated phishing attacks and educate their end users through awareness training. This helps identify vulnerabilities and mitigate risk. Our system is simple to use, cost-effective and helps clients reduce risk and achieve cybersecurity objectives.
Verizon Publishes 2020 Data Breach Investigation Report (DBIR) With Insights From Thousands of Confirmed Breaches. Verizon's 2020 Data Breach Investigations Report (DBIR) is the most extensive yet, with 81 contributing organizations, and more than 32,000 incidents analyzed (of which 3,950 were confirmed breaches). Credit:Verizon
Credit is due to all original authors and no financial gain was made from the report, Simply sharing an interesting story for educational purposes,
Why is cyber security a disruption in the digital economyMark Albala
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
The digital economy is different than other versions of commerce because in the digital economy, information is the lifeblood of digital commerce that passes through the hands of many platforms involved in a digital event. Each of these platforms are an opportunity to wreak havoc on your well-intended but incomplete intents to protect the information contained within the network you control. In the digital economy, it is not only the network you control, but the platforms that touch the personal data entrusted to you as a means of enabling digital commerce, and several techniques have begun to emerge to protect personal information contained within your information domain and the domain of platforms participating in digital commerce.
Because the life blood of the digital economy is information, information hacked in the digital economy is akin to shrinkage in the legacy economy. Both are means to directly attack your bottom line, whether it is redirecting customers elsewhere because they don’t trust your privacy program, ransomware which makes your site or one of your partner platform sites dangerous to use or some other reason which challenges your ability to participate in the digital economy. Shrinking the potential market share because of information safety and security challenges is a disruption, making cyber-security a disruptive activity, particularly if it is not dealt with swiftly.
If your cyber-security program is focused entirely on protecting the information housed in your four walls, you have exposed yourself to problems you will have difficulty in identifying both the source and the entry point of these issues.
State of Web Application Security by Ponemon InstituteJeremiah Grossman
Ponemon Institute conducted this study to better understand the risk of insecure websites and how organizations’ are addressing internal and external threats.1 Sponsored by Imperva and WhiteHat Security, the study reveals that despite having mission-critical applications accessible via their websites, many organizations are failing to provide sufficient resources to secure and protect Web applications important to their operations. This is particularly alarming given that the Web application layer is the number one attack target of hackers.2
We surveyed 638 IT and IT security practitioners with approximately 13 years IT experience in large US-based organizations with an average headcount of about 10,000. They most often are in network, data and application security, including quality assurance for development and testing. More than half are involved in setting priorities, managing budgets and selecting vendors and contractors.
While participants in this study consider the biggest threat to their websites is theft of data, they do not believe that their organizations are viewing Web security as a strategic initiative. They also believe their organizations are not allocating sufficient resources to protecting critical Web applications. Further, the IT practitioners surveyed are divided on whether the Web application security program is threat-based (41 percent) or compliance-based (40 percent).
Find out how to protect your petroleum retail assets from cyber attacks and discover 6 steps to take once you uncover a hack, how to notify data breach victims, what to do if you discover malware, red flags to watch for on social media, and more!
Ted Willke, Sr Principal Engineer, Intel at MLconf SEA - 5/20/16MLconf
Can Cognitive Neuroscience Provide a Theory of Deep Learning Capacity?: Deep neural networks have achieved learning feats for video, image, and speech recognition that leave other techniques far behind. For example, the error rate on the ImageNet 2012 object recognition challenge was halved with the introduction of deep convolutional nets and now they dominate these competitions. At the same time, the industry is busy putting them to use on applications spanning autonomous driving to product recommenders and researchers continue to propose more elaborate topologies and intricate training techniques. But our theoretical understanding of how these networks encode representations of the “things they see” is far behind, as is our understanding of their limitations.
To advance deep neural network design from “black magic” to an engineering problem, we need to understand the impact that the choice of topology and parameters have on learnt representations and the processing that a network is capable of. How many representations can a given network store? How does representation “reuse” impact learning rate and learning capacity? How many tasks can a given network perform?
In this talk, I’ll describe why the human brain, with its seemingly unlimited parallel distributed processing, is downright terrible at multi-tasking and why this is totally logical. And I’ll describe the theoretical implications this may have for artificial neural networks. I’ll also describe very recent work that sheds some light on how representations are encoded and how our research team is extending this work to create practical best practices for network design.
This Cyber Security Survey carried out by
Entersoft Security is a high level survey of
Hong Kong Fintech businesses as on
2018. The survey was carried out in July
2018 against the top HongKong based
Fintech’s in 2017 and early 2018. It helps
these Fintech organisations understand the
nature and significance of the cyber security
threats that they may face and what they
would need to do improve security.
The Best Online Security Service for
CIM – Central Management
Log Monitoring
Intrusion Detection Systems
Firewall Monitoring System
Host based IDSs
Vulnerability Scanning
Evidence Retention
CIM Intelligence
A must to see for all,......!!!
Symantec's Internet Security Threat Report for the Government SectorSymantec
Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 60,000 recorded vulnerabilities (spanning more than two decades) from over 19,000 vendors representing over 54,000 products.
Spam, phishing, and malware data is captured through a variety of sources including the Symantec Probe Network, a system of more than 5 million decoy accounts, Symantec.cloud, and a number of other Symantec security technologies. Skeptic, the Symantec.cloud proprietary heuristic technology, is able to detect new and sophisticated targeted threats before they reach customers’ networks. Over 8.4 billion email messages are processed each month and more than 1.7 billion web requests filtered each day across 14 data centers. Symantec also gathers phishing information through an extensive anti-fraud community of enterprises, security vendors, and more than 50 million consumers.
Symantec Trust Services provides 100 percent availability and processes over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day, which are used for obtaining the revocation status of X.509 digital certificates around the world. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their system effectively now and into the future.
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearBob Wall
Presentation at the 2016 Big Sky Developers' Conference.
Overview of the dismal state of security on the Web, some suggestions for better app development processes to mitigate problems.
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Symantec
Internet Security Threat Report 2014 :: Volume 19 :: Appendices
Hardcore data from Symantec’s Internet Security Threat Report.
Real number crunching on Threat Malicious Code, Fraud & Vulnerability trends including
Threat Activity Trends
• Malicious Activity by Source
• Malicious Web-Based Attack Prevalence
• Analysis of Malicious Web Activity by Attack Toolkits
• Analysis of Web-Based Spyware, Adware, and Potentially Unwanted Programs
• Analysis of Web Policy Risks from Inappropriate Use
• Analysis of Website Categories Exploited to Deliver Malicious Code
• Bot-Infected Computers
• Analysis of Mobile Threats
• Quantified Self – A Path to Self-Enlightenment or Just Another Security Nightmare?
• Data Breaches that could lead to Identity Theft
• Threat of the Insider
• Gaming Attacks
• The New Black Market
Malicious Code Trends
• Top Malicious Code Families
• Analysis of Malicious Code Activity by Geography, Industry Sector, and Company Size
• Propagation Mechanisms
• Email-Targeted Spear-Phishing Attacks Intelligence
Spam and Fraud Activity Trends
• Analysis of Spam Activity Trends
• Analysis of Spam Activity by Geography, Industry Sector, and Company Size
• Analysis of Spam Delivered by Botnets
• Significant Spam Tactics
• Analysis of Spam by Categorization
• Phishing Activity Trends
• Analysis of Phishing Activity by Geography, Industry Sector, and Company Size
• New Spam Trend: BGP Hijacking
Vulnerability Trends
• Total Number of Vulnerabilities
• Zero-Day Vulnerabilities
• Web Browser Vulnerabilities
• Web Browser Plug-in Vulnerabilities
• Web Attack Toolkits SCADA Vulnerabilities
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Slideshare that can be used as an educational training tool for employees to be aware of the risks of phishing attacks. This presentation covers the threat of phishing and what strategies can be done to mitigate phishing attacks.
PhishingBox is an online system for organizations to easily conduct simulated phishing attacks and educate their end users through awareness training. This helps identify vulnerabilities and mitigate risk. Our system is simple to use, cost-effective and helps clients reduce risk and achieve cybersecurity objectives.
Verizon Publishes 2020 Data Breach Investigation Report (DBIR) With Insights From Thousands of Confirmed Breaches. Verizon's 2020 Data Breach Investigations Report (DBIR) is the most extensive yet, with 81 contributing organizations, and more than 32,000 incidents analyzed (of which 3,950 were confirmed breaches). Credit:Verizon
Credit is due to all original authors and no financial gain was made from the report, Simply sharing an interesting story for educational purposes,
Why is cyber security a disruption in the digital economyMark Albala
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
The digital economy is different than other versions of commerce because in the digital economy, information is the lifeblood of digital commerce that passes through the hands of many platforms involved in a digital event. Each of these platforms are an opportunity to wreak havoc on your well-intended but incomplete intents to protect the information contained within the network you control. In the digital economy, it is not only the network you control, but the platforms that touch the personal data entrusted to you as a means of enabling digital commerce, and several techniques have begun to emerge to protect personal information contained within your information domain and the domain of platforms participating in digital commerce.
Because the life blood of the digital economy is information, information hacked in the digital economy is akin to shrinkage in the legacy economy. Both are means to directly attack your bottom line, whether it is redirecting customers elsewhere because they don’t trust your privacy program, ransomware which makes your site or one of your partner platform sites dangerous to use or some other reason which challenges your ability to participate in the digital economy. Shrinking the potential market share because of information safety and security challenges is a disruption, making cyber-security a disruptive activity, particularly if it is not dealt with swiftly.
If your cyber-security program is focused entirely on protecting the information housed in your four walls, you have exposed yourself to problems you will have difficulty in identifying both the source and the entry point of these issues.
State of Web Application Security by Ponemon InstituteJeremiah Grossman
Ponemon Institute conducted this study to better understand the risk of insecure websites and how organizations’ are addressing internal and external threats.1 Sponsored by Imperva and WhiteHat Security, the study reveals that despite having mission-critical applications accessible via their websites, many organizations are failing to provide sufficient resources to secure and protect Web applications important to their operations. This is particularly alarming given that the Web application layer is the number one attack target of hackers.2
We surveyed 638 IT and IT security practitioners with approximately 13 years IT experience in large US-based organizations with an average headcount of about 10,000. They most often are in network, data and application security, including quality assurance for development and testing. More than half are involved in setting priorities, managing budgets and selecting vendors and contractors.
While participants in this study consider the biggest threat to their websites is theft of data, they do not believe that their organizations are viewing Web security as a strategic initiative. They also believe their organizations are not allocating sufficient resources to protecting critical Web applications. Further, the IT practitioners surveyed are divided on whether the Web application security program is threat-based (41 percent) or compliance-based (40 percent).
Find out how to protect your petroleum retail assets from cyber attacks and discover 6 steps to take once you uncover a hack, how to notify data breach victims, what to do if you discover malware, red flags to watch for on social media, and more!
Ted Willke, Sr Principal Engineer, Intel at MLconf SEA - 5/20/16MLconf
Can Cognitive Neuroscience Provide a Theory of Deep Learning Capacity?: Deep neural networks have achieved learning feats for video, image, and speech recognition that leave other techniques far behind. For example, the error rate on the ImageNet 2012 object recognition challenge was halved with the introduction of deep convolutional nets and now they dominate these competitions. At the same time, the industry is busy putting them to use on applications spanning autonomous driving to product recommenders and researchers continue to propose more elaborate topologies and intricate training techniques. But our theoretical understanding of how these networks encode representations of the “things they see” is far behind, as is our understanding of their limitations.
To advance deep neural network design from “black magic” to an engineering problem, we need to understand the impact that the choice of topology and parameters have on learnt representations and the processing that a network is capable of. How many representations can a given network store? How does representation “reuse” impact learning rate and learning capacity? How many tasks can a given network perform?
In this talk, I’ll describe why the human brain, with its seemingly unlimited parallel distributed processing, is downright terrible at multi-tasking and why this is totally logical. And I’ll describe the theoretical implications this may have for artificial neural networks. I’ll also describe very recent work that sheds some light on how representations are encoded and how our research team is extending this work to create practical best practices for network design.
10 11-14 07-12-12 download from lulu.comFritz Glaus
CRazYZoo! is a simple and personally meaningful method of learning about oneself and about others by determining to which of the six classic human types you belong. This helps you to grow self-esteem, open-mindedness and tolerance, and improve your communication and relationship skills. It is written as an action-filled fable in which lions, St-Bernards and foxes help you make important choices as you progress through the story.
PCB manufacture is a progressive process adding value at each step. At the end of the line the maximum value has been assembled leaving only the depaneling or singulation process to take place. This mechanical separation is often under estimated and dealt with in the simplest possible manner giving inadequate attention to stress. Often this results in damage to PCBs and a significant loss of value. This Presentation outlines the basics on how to best protect the investment in the assembled PCBs by using the right level of cutting and handling technology.
Tackling the job of conducting a survey for your library can be daunting. A systematic and quality-driven approach will yield results which can provide valuable information to decision-makers and stakeholders. This first in a three-part series of workshops on conducting surveys will demystify the survey process, from beginning to end of your project.
This first workshop of the three-part series addresses 1) the reasons for conducting a survey; 2) issues in effective questionnaire design, data collection and analysis, and reporting; and 3) questionnaire design, especially measurement, question content, and structure, including examples.
The purpose of this project is to examine the ‘culture of trauma’ and to consider how a national identity can be constructed or imagined in the wake of the bloodshed of war. A 3rd year undergraduate project undertaken as part of the living in a digital world media & communication module at Coventry University.
Let’s understand about the “2017 Norton Cyber Security Insights Report”, the main topics of this reports are Cybercrime by the Numbers, Portrait of a Cybercrime Victim, Consumers’ Contradicting Beliefs, and State of Consumers’ Trust.
Lack of passwords, use of public Wi-Fi lead consumer cyber security risks. New survey from Experian's ProtectMyID® reveals how Americans can take greater control when securing their personal information. The study, conducted by Edelman Berland, reveals areas where consumers’ identities are at the most risk, including electronic devices and online accounts. The findings show that 93 percent of respondents believe that identify theft is a growing problem, yet are not doing enough to address the issue.
How can we better protect our customers?
It’s official: consumers do not feel their private data is being kept private. Looking around at the headlines, where high profile breach after high-profile breach is documented, the lack of trust in data security is no surprise.
In this graphical report, we delve into the fears surrounding online security and the economic impact of losing your customers’ trust.
It’s official: your customers do not feel their private data is being kept private. In this graphical report, we delve into the fears surrounding online security and the economic impact of losing your customers’ trust.
In a survey of U.S. technology and healthcare executives nationwide, Silicon Valley Bank found that companies believe cyber attacks are a serious threat to both their data and their business continuity.
Highlights
- 98% are maintaining or increasing resources devoted to cyber security
- 50% are increasing their cyber security resources, preparing for when, not if, cyber attacks occur
- Just 35% are completely or very confident in the security of their company information, and only 16% feel the same about their business partners
The National Cyber Security Centre and Department for Digital, Culture, Media and Sport have released findings from the UK Cyber Survey conducted by Ipsos MORI. These findings are from a study of UK individuals to measure and understand awareness and attitudes towards cyber security, and related behaviours. They are part of a wider research project to provide insight to inform HM Government’s approach to encourage positive behaviour amongst the public in protecting themselves against cyber threats.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
This recent survey from Citrix and Wakefield Research examines consumer attitudes toward the privacy and security of personal and work data as well as trust with vendors to protect personal information like social security numbers and mailing addresses. Learn more at http://www.citrix.com/
This year we have reached the stage where 50% of the world’s population is connected to the Internet, compared to 40% in 2016. And, with more people online than ever before, every minute that goes by witnesses 3.5 million Google search queries, $751,522 spent, 156 million emails sent, 342,000 apps downloaded in mobile app stores and 46,200 posts uploaded to Instagram.
Authentication best practices: Experts weigh inAbhishek Sood
A 2017 Aite Group survey of 1,095 U.S. consumers who use online and/or mobile banking revealsusers’ perceptions of various forms of authentication.
Access this report now to uncover key findings from this study and expert recommendations to improve authentication security and user experience.
Inside, learn about:
•Notable 2016 data breaches
•Market trends and implications
•Consumers’ attitudes toward passwords
•Pros and cons of authentication methods
TeleSign Consumer Account Security Report 2015 FINAL
1. THE MOBILE IDENTITY COMPANY 1 @TELESIGN TELESIGN.COM
TeleSign Consumer Account Security Report
June 2015
An International Study of Digital Security Concerns and Practices
3. THE MOBILE IDENTITY COMPANY 3 @TELESIGN TELESIGN.COM
Contents
INTRODUCTION.............................................................................................................................................4
KEY FINDINGS................................................................................................................................................4
METHODOLOGY ............................................................................................................................................6
DETAILED FINDINGS......................................................................................................................................7
Concerns about Online Security are Universal—and Based on Experience .................................................7
Identical Passwords Used on Multiple Online Accounts Put Consumers at High Risk ...............................11
Consumers Have Lost Faith in Passwords...................................................................................................13
Majority of Consumers Want Help in Understanding and Using Two-Factor Authentication...................16
Most Consumers Want Online Companies to Provide an Extra Layer of Protection .................................19
RESEARCH DEMOGRAPHICS........................................................................................................................26
4. THE MOBILE IDENTITY COMPANY 4 @TELESIGN TELESIGN.COM
Consumers Lose Faith in Passwords
June 2015
INTRODUCTION
With the dramatic uptick in high-profile online
breaches grabbing headlines in recent years,
and an increased general awareness of the
security dangers lurking in cyberspace, most
internet users now count being hacked as one
of life’s everyday concerns. Yet a disconnect
remains between this increased fear and
increased adoption of security techniques in the
digital world. As this study shows, one of the
key reasons for this fear is consumers’ lack of
confidence in the main security mechanism
(and single point of failure) standing between
their online lives and hackers: the password.
Consumers are looking for guidance and
protection from the companies they do
business with. One thing is clear – cybersecurity
threats and attackers are moving faster than
ever and consumers are in need of help to stay
protected and put their minds at ease.
Even while lacking trust in passwords and being
worried about being hacked, consumers are
falling short of taking steps to protect
themselves either due to lack of awareness or
lack of education on additional security
measures. They would like the added protection
of two-factor authentication (2FA) because it
adds an extra layer of protection, but many
don’t know where to start or how to set it up.
Further complicating matters, consumers
continually put themselves at heightened risk
when they use the same password across
several accounts. If one password gets hacked,
then all the other accounts are in peril. Between
password reuse and not taking advantage of
available additional security, such as two-factor
authentication (2FA), users continue to ignore
security advice in favor of convenience, thus
leaving the entirety of the online world more
open to the whims of hackers.
This study, commissioned by TeleSign,
quantifies consumers’ concerns about online
security and their exposure to breaches,
describes the actions they are taking—or not
taking—to protect themselves, and reveals how
poor password management and single-factor
authentication create the potential for
widespread security incidents due to data
breaches and other issues in today’s threat
landscape. But hope remains as more
consumers today show an interest in learning
how to better protect themselves.
KEY FINDINGS
Concerns About Online Security Are
Universal—and Based on Personal Experience
80 percent of consumers worry about
online security.
45 percent are extremely or very concerned
about their accounts being hacked.
In the past year, 40 percent of consumers
experienced a security incident (received a
notice that their personal information had
been compromised, had an account hacked
or had a password stolen) and 70 percent
changed their passwords in response.
Consumers Lack Faith in Passwords
Only 30 percent of consumers are confident
that their passwords will protect the
security of their online accounts.
The Domino Effect: Using the Same Password
on Multiple Accounts Can Topple Online
Security
Consumers have an average of 24 online
accounts, but use only 6 unique passwords
to protect them.
73 percent of accounts use duplicate
passwords.
Consumers rarely change their passwords.
Almost half (47 percent) are using a
5. THE MOBILE IDENTITY COMPANY 5 @TELESIGN TELESIGN.COM
password that hasn’t been changed in five
or more years and 77 percent have a
password that is one year or older.
Consumers Want Help to Protect the Security
of Their Accounts
72 percent would welcome advice on how
to protect the security of their online
accounts.
68 percent say they want online companies
to provide an extra layer of security, such as
two-factor authentication, to protect their
personal information.
Majority Are Not Using Two-Factor
Authentication
Although 2FA is widely available, 61 percent
of consumers have not enabled it for any of
their online accounts.
Among consumers who are not using 2FA,
56 percent are unfamiliar with two-factor
authentication, 29 percent don’t know how
to turn on 2FA, and 29 percent say none of
their online accounts offer 2FA.
Over half (54 percent) of consumers say
they’d be more willing to use 2FA if
companies guaranteed mobile phone
numbers would only be used for account
security and never for marketing.
Consumers Feel More Secure When They Use
Two-Factor Authentication
Nine in ten who use 2FA say it makes them
feel their online information is more secure
Only 39 percent of consumers use two-
factor authentication. The top reasons are
because the site required it (61 percent)
and they want an extra layer of protection
(54 percent).
Millennials Are Concerned About Hacking but
Use Poor Password Practices
Almost half (47 percent) of Millennials (18
to 34) are extremely or very concerned
about hacking and 81 percent would like
advice on how to protect their accounts.
Although Millennials have more online
accounts, they use fewer passwords; 32
percent use only one to three passwords for
all of their accounts vs. 17 percent of those
35 and older.
Despite using the same passwords on
multiple accounts, 36 percent of Millennials
are highly confident that their passwords
will protect their security.
Millennials more often turn on 2FA because
they want an extra layer of protection: 61
percent vs. 49 percent of those 35 and
older.
Anxiety About Online Security Higher in the US
US consumers worry more than UK
consumers about online security: 84
percent vs. 76 percent.
Over half of US consumers (56 percent) are
extremely or very concerned about their
online accounts being hacked, compared
with only 35 percent in the UK.
Those in the US are more likely to have
experienced an online security incident in
the past year: 50 percent vs. 30 percent of
UK consumers.
Interest in getting advice on how to protect
the security of online accounts is higher in
the US (79 percent) than in the UK (66
percent).
Familiarity with 2FA is higher in the US (49
percent somewhat or very familiar) than in
the UK (39 percent).
More US consumers (71 percent) than UK
consumers (64 percent) would like online
companies to provide an extra layer of
security to protect their personal
information.
Although the same share of consumers
have enabled 2FA in the US and UK, the
reasons they do so are different. In the UK
70 percent turn on 2FA because the site
requires it (vs. 52 percent in the US). More
US consumers (63 percent) turn on 2FA to
get an extra layer of protection (vs. 44
percent of UK consumers).
6. THE MOBILE IDENTITY COMPANY 6 @TELESIGN TELESIGN.COM
Almost six times as many US consumers
turned on 2FA because their personal
information was exposed in a data breach
(17 percent vs. 3 percent of UK consumers).
About three times the share of US
consumers enabled 2FA because they read
or heard about a data breach (24 percent
vs. 7 percent in the UK) or had an account
hacked (23 percent vs. 9 percent in the UK).
METHODOLOGY
TeleSign commissioned Lawless Research to design and conduct a study about online security and two-
factor authentication. Between March 24 and March 25, 2015, 2,020 adults who have a mobile phone
and at least one online account completed the 10-minute online survey. The online survey was hosted
by Qualtrics and Survey Sampling International provided respondents from their online panel. The
margin of error for the total sample is ±2.2 percentage points at the 95 percent level of confidence (±3.1
for the 1,004 US respondents and ±3.1 for the 1,016 UK respondents). Tests of significant difference
were conducted at the .01 level (99% probability that the difference is real, not by chance).
Note: *p<.01 indicates there is a significant difference at the .01 level.
7. THE MOBILE IDENTITY COMPANY 7 @TELESIGN TELESIGN.COM
DETAILED FINDINGS
Concerns about Online Security are Universal—and Based on Experience
Eight in ten consumers worry about their online security.
Overall, 80 percent of consumers say they worry about their online security.
More US consumers are worried, compared with those in the UK: 84 percent vs. 76 percent of
UK consumers.
Majority of consumers are concerned about their accounts being hacked.
Almost half of the respondents (45 percent) are extremely or very concerned about their accounts being
hacked.
84%
76%
16%
24%
0%
20%
40%
60%
80%
100%
US UK
Do you worry about your online security?
No
Yes
17%
28%
37%
14%
4%
0%
5%
10%
15%
20%
25%
30%
35%
40%
Extremely
concerned
Very concerned Moderately
concerned
Slightly
concerned
Not at all
concerned
How concerned are you about your online accounts
being hacked?
8. THE MOBILE IDENTITY COMPANY 8 @TELESIGN TELESIGN.COM
US consumers are more concerned about their online accounts being hacked, compared with UK
consumers.
Over half of US consumers (56 percent) are extremely or very concerned about hacking vs. 35 percent of
UK consumers.
How concerned are you about your online accounts being hacked?
US
N=1,004
UK
N=1,016
Total
N=2,020
Extremely concerned 24% 11% 17%
Very concerned 32% 24% 28%
Moderately concerned 32% 43% 37%
Slightly concerned 10% 17% 14%
Not at all concerned 2% 5% 4%
Total 100% 100% 100%
Extremely or Very Concerned 56% 35% 45%
*p<.01
Millennials and Gen Xers are more concerned about the risk of being hacked.
Five in ten consumers age 18 to 50 are extremely or very concerned about their online accounts being
hacked, versus four in ten Baby Boomers (51 to 69) and only 25 percent of the Silent Generation (70 and
older).
How concerned are you about your online accounts being hacked?
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
Extremely concerned 19% 20% 14% 9% 17%
Very concerned 28% 29% 27% 16% 28%
Moderately concerned 37% 34% 39% 50% 37%
Slightly concerned 12% 13% 16% 21% 14%
Not at all concerned 3% 4% 4% 4% 4%
Total 100% 100% 100% 100% 100%
Extremely or Very Concerned 47% 49% 41% 25% 45%
*p<.01
Four in ten consumers experienced security incidents in the past year.
In the past 12 months, 40 percent of online consumers say they had one or more of the following
security incidents: received a notice that their personal information had been compromised, had an
account hacked or had a password stolen.
9. THE MOBILE IDENTITY COMPANY 9 @TELESIGN TELESIGN.COM
US online account users were more likely to experience one or more security incidents.
In the past year, 50 percent of US consumers experienced a security incident (received a notice that
their personal information may have been compromised, had an account hacked or had a password
stolen), compared with only 30 percent of UK online consumers.
Online Security Incidents that Occurred in the Last 12 Months
US
N=1,004
UK
N=1,016
Total
N=2,020
You received a notice that your personal information
(e.g., user name, password, credit card number,
Social Security Number or National Insurance
Number) may have been compromised.*
41% 23% 32%
One or more of your online accounts were hacked* 23% 11% 17%
One or more of your passwords were stolen* 17% 4% 10%
One or More of the Above 50% 30% 40%
*p<.01
Majority changed their passwords when they discovered the security incident.
Seventy percent of those who experienced an online security incident changed their password.
Four in ten victims added or updated their security questions in response to the security
incident.
Three in ten contacted the company to report the incident and three in ten changed their user
name or email address.
10%
17%
32%
40%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Password stolen
Online account hacked
Received a notice that personal information
may have been compromised
One or more of security incidents below
Online Security Incidents that Occurred in the Last 12 Months
10. THE MOBILE IDENTITY COMPANY 10 @TELESIGN TELESIGN.COM
Those in the US were more likely to turn on two-factor authentication.
Overall, 21 percent of consumers who experienced a security incident enabled 2FA. However, victims in
the US were more likely to turn on 2FA (25 percent vs. 14 percent in the UK).
What did you do when you discovered the security incident(s)?
(Choose all that apply)
US
N=506
UK
N=302
Total
N=808
Changed your password 71% 69% 70%
Added or updated your security questions 41% 34% 39%
Contacted the company to report the problem or get
help
32% 36% 34%
Changed your user name or email address 32% 24% 29%
Turned on two-factor authentication* 25% 14% 21%
Set up alternate contact information for your account 21% 20% 20%
Closed the online account* 15% 8% 12%
Other 6% 5% 6%
Nothing. You took no action. 4% 5% 5%
*p<.01
Millennials and Gen Xers are most likely to take action after a security incident.
Compared with older consumers, Millennials and Gen Xers took more protective steps after discovering
a security incident.
5%
12%
20%
21%
29%
34%
39%
70%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Nothing, took no action
Closed the online account
Set up alternate contact information
Turned on two-factor authentication
Changed your user name or email address
Contacted the company to report the problem or get help
Added or updated your security questions
Changed your password
What did you do when you discovered the security incident(s)?
11. THE MOBILE IDENTITY COMPANY 11 @TELESIGN TELESIGN.COM
What did you do when you discovered the security incident(s)?
(Choose all that apply)
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=808
Changed your password 74% 69% 66% 68% 70%
Added or updated your security
questions*
44% 38% 31% 24% 39%
Contacted the company to
report the problem or get help
31% 36% 35% 40% 34%
Changed your user name or
email address*
33% 31% 20% 12% 30%
Turned on two-factor
authentication*
32% 18% 6% 16% 21%
Set up alternate contact
information for your account*
26% 20% 13% 12% 20%
Closed the online account 12% 14% 9% 16% 12%
Other* 2% 7% 9% 16% 6%
Nothing. You took no action. 3% 5% 7% 4% 5%
*p<.01
Identical Passwords Used on Multiple Online Accounts Put Consumers at High Risk
Consumers have an average of 23 online accounts, but use only 6 passwords to protect them.
Most respondents do not use unique passwords for each online account. Almost three-fourths of
accounts (73 percent) use duplicate passwords.
Total Number of Password Protected Online Accounts
in 11 Categories1
US
N=1,004
UK
N=1,016
Total
N=2,020
1 to 4 2% 3% 2%
5 to 9 10% 12% 11%
10 to 19 33% 36% 35%
20 to 29 28% 26% 27%
30 to 39 16% 14% 15%
40 to 110 11% 9% 10%
Total 100% 100% 100%
Average Number of Accounts 23.5 21.7 22.6
Average Number of Passwords 5.9 6.3 6.1
Ratio 25% 29% 27%
1 Communication, email, entertainment, file sharing, financial, health,
news and sports, shopping, social networks, software in the cloud, travel
12. THE MOBILE IDENTITY COMPANY 12 @TELESIGN TELESIGN.COM
Those 50 and older protect more of their online accounts with unique passwords.
Baby Boomers and the Silent Generation use an average of seven passwords to protect their online
accounts vs. five for Millennials and six for Gen Xers.
Total Number of Password Protected Online Accounts
in 11 Categories1
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=2,020
1 to 4* 2% 1% 4% 0% 2%
5 to 9* 9% 9% 15% 18% 11%
10 to 19* 34% 36% 33% 46% 35%
20 to 29 30% 25% 27% 21% 27%
30 to 39 16% 17% 13% 9% 15%
40 to 110 10% 12% 8% 6% 10%
Total 100% 100% 100% 100% 100%
Average Number of Accounts 23.4 24.0 20.8 18.8 22.6
Average Number of Passwords 5.2 6.4 6.6 7.2 6.1
Ratio 22% 27% 32% 38% 27%
1 Communication, email, entertainment, file sharing, financial, health, news and sports, shopping, social
networks, software in the cloud, travel
*p<.01
Shopping sites are the most popular online accounts that require passwords.
Consumers have an average of four online shopping accounts, three financial accounts and three email
accounts. UK respondents tend to have more online shopping accounts: 4.5 vs. 3.6 for US respondents.
Approximately how many online accounts do you have within each category?
AVERAGE
US UK Total
Shopping (e.g., Amazon, eBay, etsy, Ikea, Groupon, BestBuy, Walmart,
Target, Argos, Tesco)*
3.6 4.5 4.0
Financial (e.g., banks, investments, credit cards, PayPal, Priceline)* 3.1 3.3 3.2
Email (e.g., Google, Yahoo!, Outlook, iCloud, Comcast, BT)* 2.8 2.5 2.7
Entertainment (e.g., YouTube, Netflix, Pandora, Yahoo! Music, Google
Play, Game Sites)*
2.7 1.9 2.3
Social Networks (e.g., Facebook, Twitter, LinkedIn, Pinterest, Google+,
Meetup)*
2.6 2.0 2.3
Communication (e.g., Internet or Phone Provider, Skype, Google Voice) 2.1 2.2 2.2
Travel (e.g., Airlines, Hotels, TripAdvisor, Booking.com, Expedia)* 1.5 1.9 1.7
File Sharing and Storage (e.g., Dropbox, Google Drive, Instagram, Imgur,
Shutterfly, Flickr)*
1.5 1.1 1.3
Health (e.g., Insurance, WebMD, NHS, NIH, Myfitnesspal,
Weightwatchers, Patient.co, CDC)*
1.5 0.9 1.2
News and Sports (e.g., CNN, BBC, NYT, The Guardian, Huffingtonpost,
ESPN, Yahoo! Sports)*
1.1 0.8 1.0
Software in the Cloud (e.g., Office 365, TurboTax, WordPress, Evernote)* 1.0 0.6 0.8
*p<.01
13. THE MOBILE IDENTITY COMPANY 13 @TELESIGN TELESIGN.COM
Consumers Have Lost Faith in Passwords
The majority of consumers lack confidence that their passwords will protect their online security.
Only 30 percent of consumers are extremely or very confident that their passwords will protect the
security of their online accounts.
Men are more confident than women: 35 percent extremely or very confident vs. 24 percent of
women.
How confident are you that your passwords will protect the security of
your online accounts?
US
N=1,004
UK
N=1,016
Total
N=2,020
Extremely confident 9% 5% 7%
Very confident 25% 21% 23%
Moderately confident 50% 58% 54%
Slightly confident 13% 13% 13%
Not at all confident 3% 3% 3%
Total 100% 100% 100%
Moderately/Slightly/Not at All 66% 74% 70%
*p<.01
Millennials and Gen Xers are more confident in passwords than Baby Boomers or the Silent
Generation.
36 percent of Millennials and 33 percent of Gen Xers are extremely or very confident that their
passwords will protect their online accounts vs. 22 percent of Boomers and 15 percent of those
70 and older.
How confident are you that your passwords will protect the security of
your online accounts?
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=2,020
Extremely confident 8% 7% 5% 3% 7%
Very confident* 28% 25% 17% 13% 23%
Moderately confident 50% 53% 59% 61% 54%
Slightly confident 13% 11% 14% 14% 13%
Not at all confident 2% 3% 5% 10% 3%
Total 100% 100% 100% 100% 100%
Extremely or Very
Confident
36% 32% 22% 15% 30%
*p<.01
14. THE MOBILE IDENTITY COMPANY 14 @TELESIGN TELESIGN.COM
Most consumers use five or fewer passwords to protect their online accounts.
Over half (54 percent) use five or fewer passwords to protect all of their online accounts.
Approximately how many different passwords do
you use across all of your online accounts?
US
N=1,004
UK
N=1,016
Total
N=2,020
1 2% 1% 1%
2 7% 5% 6%
3 16% 14% 15%
4 15% 15% 15%
5 18% 17% 17%
6 7% 8% 7%
7 4% 3% 4%
8 5% 4% 4%
9 2% 2% 2%
10 or more 25% 31% 28%
Total 100% 100% 100%
Millennials use fewer passwords than those in older generations.
Although they have more online accounts, only 15 percent of Millennials use 10 or more passwords,
compared with 33 percent of Gen Xers, 34 percent of Baby Boomers and 43 percent of the Silent
Generation.
Approximately how many different passwords do
you use across all of your online accounts?
Number of Passwords Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=2,020
1 2% 1% 1% 0% 1%
2 9% 5% 4% 3% 6%
3 21% 12% 11% 14% 15%
4 18% 14% 14% 8% 15%
5 20% 19% 14% 13% 17%
6 6% 6% 10% 8% 7%
7 4% 4% 3% 6% 4%
8 3% 4% 5% 5% 4%
9 2% 2% 3% 3% 2%
10 or more 15% 33% 34% 43% 28%
Total 100% 100% 100% 100% 100%
1 to 3 32% 19% 16% 17% 22%
*p<.01
One in 14 consumers (7 percent) report using at least one of the 25 most common passwords.
The most commonly used password in 2014 were 123456, password, 12345, 12345678, qwerty,
123456789, 1234, baseball, dragon, football, 1234567, monkey, letmein, abc123, 111111, mustang,
access, shadow, master, michael, superman, 696969, 123123, batman, and trustno1. One in 14
consumers say they have used one or more of them for their online accounts (http://gizmodo.com/the-
25-most-popular-passwords-of-2014-were-all-doomed-1680596951).
15. THE MOBILE IDENTITY COMPANY 15 @TELESIGN TELESIGN.COM
US consumers have used these easily guessed passwords more than UK consumers: 12 percent
vs. 3 percent.
Eleven percent of Millennials and 9 percent of Gen Xers have used one of these commonly
stolen passwords, compared with 2 percent of Boomers and 3 percent of Silent Generation
online consumers.
More men (10 percent) than women (5 percent) have used the most common passwords.
Almost half (47 percent) are using a password that hasn’t been changed in five or more years.
The vast majority (77 percent) have a password that is one year or older.
Approximately how old is the oldest password you use for one or
more online accounts?
US
N=1,004
UK
N=1,016
Total
N=2,020
Less than 6 months old 14% 13% 13%
6 months to 11 months 11% 8% 9%
1 year to 4 years old 30% 30% 30%
5 years to 9 years old 25% 27% 26%
10 years to 14 years old 14% 15% 14%
15 years to 19 years old 5% 5% 5%
20 years or older 2% 2% 2%
Total 100% 100% 100%
The oldest generation has the oldest passwords.
One-third (33 percent) of Silent Generation online users (70 and up) are using a password that is 10
years or older, thus leaving themselves at greater risk than younger generations.
12%
3%
11%
9%
2% 3%
10%
5%
7%
0%
2%
4%
6%
8%
10%
12%
14%
US UK 18 to 34 35 to 50 51 to 69 70+ Men Women Total
Have Used One or More of the Most Common Passwords
16. THE MOBILE IDENTITY COMPANY 16 @TELESIGN TELESIGN.COM
Approximately how old is the oldest password you use for one or more online accounts?
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=2,020
Less than 6 months old 12% 15% 14% 10% 13%
6 months to 11 months 9% 11% 9% 9% 9%
1 year to 4 years old 34% 28% 29% 24% 30%
5 years to 9 years old 29% 25% 24% 24% 26%
10 years to 14 years old 12% 15% 15% 22% 14%
15 years to 19 years old 4% 5% 6% 7% 5%
20 years or older 1% 2% 4% 4% 2%
Total 100% 100% 100% 100% 100%
1+ years 80% 75% 77% 80% 77%
5+ years 46% 47% 48% 57% 47%
10+ years 17% 22% 24% 33% 21%
*p<.01
Majority of Consumers Want Help in Understanding and Using Two-Factor Authentication
Majority want advice on how to protect the security of their online accounts.
Seven in ten (72 percent) would welcome advice on how to protect the security of their online accounts.
US respondents are more eager for advice: 79 percent vs. 66 percent of UK respondents.
I would welcome advice on how to protect the security
of my online accounts.
US
N=1,004
UK
N=1,016
Total
N=2,020
Strongly Agree 36% 21% 28%
Agree 43% 45% 44%
Neutral 19% 28% 23%
Disagree 1% 4% 3%
Strongly Disagree 1% 2% 2%
Total 100% 100% 100%
Strongly Agree/Agree 79% 66% 72%
*p<.01
Millennials are more eager for advice on how to protect the security of their online accounts.
Eight in ten (81 percent) would welcome advice on how to protect the security of their online accounts.
Only 53 percent of the oldest generation want advice about online security.
17. THE MOBILE IDENTITY COMPANY 17 @TELESIGN TELESIGN.COM
I would welcome advice on how to protect the security of
my online accounts.
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=2,020
Strongly Agree 33% 28% 25% 13% 28%
Agree 48% 45% 39% 40% 44%
Neutral 17% 22% 30% 39% 23%
Disagree 1% 3% 4% 3% 3%
Strongly Disagree 1% 1% 2% 6% 2%
Total 100% 100% 100% 100% 100%
Strongly Agree/Agree 81% 74% 64% 53% 72%
*p<.01
Majority do not know what two-factor authentication is.
Six in ten (61 percent) do not know the meaning of the term two-factor authentication. Only 39 percent
of consumers know what 2FA is.
81%
74%
64%
53%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
18-34 35-50 51-69 70+
Millennial Gen X Boomer Silent
Would Welcome Advice on How to Protect Security
of Online Accounts
No
61%
Yes
39%
Know the Meaning of the Term Two-Factor
Authentication
18. THE MOBILE IDENTITY COMPANY 18 @TELESIGN TELESIGN.COM
Knowledge of the term two-factor authentication is higher for US consumers and men.
Almost half (45 percent) of US consumers know the meaning of two-factor authentication (vs. 32
percent of UK consumers. More men (45 percent) than women (32 percent) know what 2FA means.
When given the definition of two-factor authentication, over half are not at all or only slightly familiar
with the term.
Overall, 56 percent are unfamiliar or only slightly familiar with two-factor authentication.
UK respondents are less familiar than US respondents: 61 percent vs. 51 percent US
respondents who are not at all or slightly familiar.
How familiar are you with two-factor authentication1
for your online accounts?
US
N=1,004
UK
N=1,016
Total
N=2,020
Not at all familiar 22% 27% 25%
Slightly familiar 28% 33% 31%
Somewhat familiar 26% 21% 24%
Very familiar 23% 18% 21%
Total 100% 100% 100%
Not at all/Slightly 51% 61% 56%
Somewhat/Very 49% 39% 44%
*p<.01
1 Defined as: Some sites provide the option of an added layer of security
beyond passwords, known as two-factor authentication (2FA) or two-factor
verification. With these, in addition to your password, you have to enter
another code when you sign in. These codes are sent to your smartphone or
cellphone (via an app, text message, phone call) in real time.
More men than women are familiar with two-factor authentication.
Whereas 49 percent of men are somewhat or very familiar with two-factor authentication, only 39
percent of women are familiar with 2FA.
45%
32%
45%
32%
39%
0%
10%
20%
30%
40%
50%
US UK Men Women Total
Know What Two-Factor Authentication Means
19. THE MOBILE IDENTITY COMPANY 19 @TELESIGN TELESIGN.COM
How familiar are you with two-factor authentication1
for your online accounts?
Men
N=1,007
Women
N=1,013
Total
N=2,020
Not at all familiar 22% 27% 25%
Slightly familiar 28% 33% 31%
Somewhat familiar 26% 21% 24%
Very familiar 23% 18% 21%
Total 100% 100% 100%
Not at all/Slightly 51% 61% 56%
Somewhat/Very 49% 39% 44%
*p<.01
1 Defined as: Some sites provide the option of an added layer of security
beyond passwords, known as two-factor authentication (2FA) or two-factor
verification. With these, in addition to your password, you have to enter
another code when you sign in. These codes are sent to your smartphone or
cellphone (via an app, text message, phone call) in real time.
Most Consumers Want Online Companies to Provide an Extra Layer of Protection
Majority would like online companies to provide two-factor authentication.
Seven in ten (68 percent) say they want online companies to provide an extra layer of security, such as
two-factor authentication, to protect their personal information.
US respondents are more interested in having companies provide 2FA: 71 percent vs. 64 percent
of UK respondents.
Would you like online companies to provide an extra layer of
security, such as two-factor authentication, to protect your
personal information?
US
N=1,004
UK
N=1,016
Total
N=2,020
Yes* 71% 64% 68%
No 10% 11% 11%
Don’t know* 18% 24% 21%
Total 100% 100% 100%
*p<.01
Millennials and Gen Xers have the highest interest in two-factor authentication.
Seven in ten Millennials (18 to 34) and Gen Xers (35 to 49) want companies to provide an extra layer of
protection.
20. THE MOBILE IDENTITY COMPANY 20 @TELESIGN TELESIGN.COM
Willingness to turn on two-factor authentication would increase if companies guarantee that mobile
phone numbers will not be used for marketing.
With spamming fears averted, over half of consumers (54 percent) would be more willing to use 2FA.
Would you be more willing to use two-factor authentication if
companies guaranteed they would use your mobile phone
number ONLY for account security and never for marketing?
US
N=1,004
UK
N=1,016
Total
N=2,020
Yes 56% 53% 54%
Maybe 36% 38% 37%
No 8% 9% 9%
Total 100% 100% 100%
Over half of Millennials and Gen Xers say the guarantee would increase their interest in 2FA.
A non-marketing guarantee increases the interest in 2FA for Millennials (59 percent) and Gen Xers (57
percent).
Would you be more willing to use two-factor authentication if companies
guaranteed they would use your mobile phone number ONLY for account security
and never for marketing?
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=2,020
Yes 59% 57% 47% 43% 54%
Maybe 35% 35% 42% 41% 37%
No 6% 8% 11% 16% 9%
Total 100% 100% 100% 100% 100%
*p<.01
73%
69%
62%
56%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Millennial Gen X Baby Boomer Silent
Would Like Online Companies to Provide an Extra Layer of
Protection, Such as Two-Factor Authentication
21. THE MOBILE IDENTITY COMPANY 21 @TELESIGN TELESIGN.COM
A non-marketing guarantee increases willingness to turn on two-factor authentication more for those
with 30 or more online accounts.
Six in ten consumers with 30 to 110 online accounts say they would be more willing to turn on two-
factor authentication if their mobile number is only used for security purposes.
Only four in ten consumers have turned on two-factor authentication for an online account.
About the same percentage of online users in the US and UK have turned on 2FA.
Have you enabled (or turned on) two-factor authentication for
any of your online accounts?
US
N=1,004
UK
N=1,016
Total
N=2,020
Yes 40% 38% 39%
No 48% 46% 47%
Don’t know 13% 16% 15%
Total 100% 100% 100%
Those who experienced online security incidents are more likely to turn on 2FA for accounts.
Over half (58 percent) of those who experienced an online security incident enabled 2FA on one or more
online account (vs. only 36 percent who did not experience a security incident).
Experienced Security Incident vs. Enabled Two-Factor Authentication
Experienced Security
Incident in Past Year1
N=692
Did Not Experience Security
Incident in Past Year
N=1,034
Total
N=1,726
Enabled 2FA 58% 36% 45%
Have Not Enabled 2FA 42% 64% 55%
Total 100% 100% 100%
*p<.01 Don’t know’s removed
1 Received a notice that your personal information may have been compromised, one or more of your
online accounts were hacked, one or more passwords were stolen
32%
51%
57%
68% 67%
0%
10%
20%
30%
40%
50%
60%
70%
80%
1 to 9 10 to 19 20 to 29 30 to 39 40 to 110
Total Number of Online Accounts
Willing to Use 2FA if Companies Guarantee Mobile Number
Will Not Be Used for Marketing
22. THE MOBILE IDENTITY COMPANY 22 @TELESIGN TELESIGN.COM
The share of people who have turned on 2FA increases with the number of online accounts they have.
Whereas only 19 percent of those with four or fewer online accounts have turned on two-factor
authentication, 64 percent of those with 40 or more online accounts have turned on the service.
Majority turn on two-factor authentication because it’s required or they want an extra layer of
protection.
The requirement to turn on 2FA drives adoption in the UK more than in the US: 70 percent vs. 52
percent. An extra layer of protection is more important to US consumers: 63 percent vs. 44 percent of
UK consumers who have enabled 2FA.
What are the reasons that you use two-factor authentication?
(Choose all that apply.)
US
N=397
UK
N=384
Total
N=781
It was required by the site.* 52% 70% 61%
I want an extra layer of protection.* 63% 44% 54%
I had an account hacked.* 23% 9% 16%
I read or heard about a data breach.* 24% 7% 15%
My personal information was exposed in a data breach.* 17% 3% 10%
*p<.01
The top reason Millennials turn on two-factor authentication is desire for an extra layer of protection.
Six in ten Millennials (61 percent) turn on 2FA because they want another layer of protection, compared
with 55 percent of Gen Xers, 44 percent of Baby Boomers and 35 percent of the Silent Generation.
19%
30%
42%
52%
64%
0%
10%
20%
30%
40%
50%
60%
70%
1 to 9 10 to 19 20 to 29 30 to 39 40 to 110
Total Number of Online Accounts
Enabled 2FA for One or More Online Accounts
23. THE MOBILE IDENTITY COMPANY 23 @TELESIGN TELESIGN.COM
What are the reasons that you use two-factor authentication?
(Choose all that apply.)
Millennial
18-34
Gen X
35-50
Boomer
51-69
Silent
70+
Total
N=781
It was required by the site.* 48% 61% 77% 81% 61%
I want an extra layer of
protection.*
61% 55% 44% 35% 54%
I had an account hacked.* 22% 15% 8% 12% 16%
I read or heard about a data
breach.*
23% 13% 7% 4% 15%
My personal information was
exposed in a data breach.*
15% 10% 3% 12% 10%
*p<.01
Two-factor authentication is most often turned on for financial and email online accounts.
Overall, 66 percent of those who turned on 2FA did so for one or more online financial accounts and 42
percent turned 2FA on for an email account.
2FA is turned on more often on financial sites in the UK and on email accounts in the US.
On what types of sites are you using two-factor authentication? (Choose all that apply.)
US
N=397
UK
N=384
Total
N=781
Financial (e.g., banks, investments, credit cards, PayPal,
Priceline)*
56% 75% 66%
Email (e.g., Google, Yahoo!, Outlook, iCloud, Comcast, BT)* 57% 26% 42%
Shopping (e.g., Amazon, eBay, etsy, Ikea, Groupon,
BestBuy, Walmart, Target, Argos, Tesco)
22% 16% 19%
Social Networks (e.g., Facebook, Twitter, LinkedIn,
Pinterest, Google+, Meetup)*
28% 9% 19%
Communication (e.g., Internet or Phone Provider, Skype,
Google Voice)*
24% 10% 17%
Entertainment (e.g., YouTube, Netflix, Pandora, Yahoo!
Music, Google Play, Game Sites)*
24% 4% 14%
File Sharing and Storage (e.g., Dropbox, Google Drive,
Instagram, Imgur, Shutterfly, Flickr)*
21% 5% 13%
Health (e.g., Insurance, WebMD, NHS, NIH, Myfitnesspal,
Weightwatchers, Patient.co, CDC)*
15% 3% 9%
Software in the Cloud (e.g., Office 365, TurboTax,
WordPress, Evernote)
9% 6% 8%
News and Sports (e.g., CNN, BBC, NYT, The Guardian,
Huffingtonpost, ESPN, Yahoo! Sports)*
11% 1% 6%
Travel (e.g., Airlines, Hotels, TripAdvisor, Booking.com,
Expedia)*
7% 3% 5%
*p<.01
24. THE MOBILE IDENTITY COMPANY 24 @TELESIGN TELESIGN.COM
Millennials are more likely to turn on two-factor authentication for their email accounts.
Six in ten Millennials turn on 2FA for their email accounts, compared to only 30 percent of those 35 and
older.
Millennials are also twice as likely to enable 2FA for social networking accounts: 27 percent vs.
13 percent of older generations.
On what types of sites are you using two-factor authentication?
(Choose all that apply.)
Millennial
18-34
N=314
35 or Older
N=467
Total
N=781
Financial (e.g., banks, investments, credit cards,
PayPal, Priceline)*
54% 73% 66%
Email (e.g., Google, Yahoo!, Outlook, iCloud, Comcast,
BT)*
59% 30% 42%
Social Networks (e.g., Facebook, Twitter, LinkedIn,
Pinterest, Google+, Meetup)*
27% 13% 19%
Shopping (e.g., Amazon, eBay, etsy, Ikea, Groupon,
BestBuy, Walmart, Target, Argos, Tesco)
21% 17% 19%
Communication (e.g., Internet or Phone Provider,
Skype, Google Voice)*
22% 14% 17%
Entertainment (e.g., YouTube, Netflix, Pandora,
Yahoo! Music, Google Play, Game Sites)*
23% 8% 14%
File Sharing and Storage (e.g., Dropbox, Google Drive,
Instagram, Imgur, Shutterfly, Flickr)*
18% 11% 13%
Health (e.g., Insurance, WebMD, NHS, NIH,
Myfitnesspal, Weightwatchers, Patient.co, CDC)
7% 10% 9%
Software in the Cloud (e.g., Office 365, TurboTax,
WordPress, Evernote)
8% 8% 8%
News and Sports (e.g., CNN, BBC, NYT, The Guardian,
Huffingtonpost, ESPN, Yahoo! Sports)*
9% 4% 6%
Travel (e.g., Airlines, Hotels, TripAdvisor, Booking.com,
Expedia)
4% 6% 5%
*p<.01
Using two-factor authentication makes the majority feel their information is more secure.
Almost nine in ten (86 percent) say that turning on two-factor authentication makes them feel their
online information is more secure.
Does using two-factor authentication make you feel that your
online information is more secure?
US
N=397
UK
N=384
Total
N=781
Yes 89% 83% 86%
No 5% 8% 6%
Don’t know 6% 9% 7%
Total 100% 100% 100%
25. THE MOBILE IDENTITY COMPANY 25 @TELESIGN TELESIGN.COM
The majority of those who have not turned on 2FA are unfamiliar with 2FA.
Six in ten consumers (61 percent) have not turned on two-factor authentication. Seven in ten (72
percent) of those who have not turned on 2FA are not at all familiar or only slightly familiar with two-
factor authentication.
The top reasons for not enabling 2FA are don’t know how to set it up, don’t know what it is and online
companies don’t offer it.
Three in ten consumers who aren’t using two-factor authentication say they don’t know how to set it
up, none of their online accounts offers the protection, or they don’t understand what 2FA is.
One-fourth of consumers don’t use 2FA because they’re concerned that their mobile phone
number will be spammed with unwanted marketing.
What are the reasons that you don’t use two-factor authentication?
(Choose all that apply.)
US
N=607
UK
N=632
Total
N=1,239
I don’t know how to enable or set it up. 29% 29% 29%
None of my online accounts offer two-factor
authentication.
28% 30% 29%
I don’t know what it is.* 25% 31% 28%
I’m concerned that my phone number will be
spammed with unwanted marketing.
25% 22% 24%
I’m worried that I won’t be able to gain access to my
accounts.*
17% 10% 14%
Passwords are sufficient protection. 10% 9% 9%
I tried, but it was too difficult to set it up.* 4% 1% 2%
*p<.01
39% 33% 19% 8%
0% 20% 40% 60% 80% 100%
Have Not Enabled Two-Factor Authentication
Not at all familiar Slightly familiar Somewhat familiar Very familiar
26. THE MOBILE IDENTITY COMPANY 26 @TELESIGN TELESIGN.COM
RESEARCH DEMOGRAPHICS
What is your age?
US
N=1,004
UK
N=1,016
Total
N=2,020
18 to 34 (Millennial) 45% 24% 35%
35 to 50 (Gen X) 29% 33% 31%
51 to 69 (Baby Boomer) 24% 37% 30%
70 or older (Silent Generation) 3% 5% 4%
Total 100% 100% 100%
*p<.01
Are you male or female?
US
N=1,004
UK
N=1,016
Total
N=2,020
Male 50% 50% 50%
Female 50% 50% 50%
Total 100% 100% 100%
Which of the following do you own and regularly use?
US
N=1,004
UK
N=1,016
Total
N=2,020
Smartphone (a phone such as an Android or iPhone
that can access your email and the Internet)
95% 94% 95%
Cellphone or mobile phone 20% 18% 19%
Neither of the above 0% 0% 0%
Total 100% 100% 100%
What is the highest level of education that you have completed?
US
N=1,004
Less than High School 1%
High School / GED 15%
Some College 23%
Technical College Degree or Certificate 4%
2-year College Degree 10%
4-year College Degree 29%
Master’s Degree 10%
Doctoral Degree 2%
Professional Degree (e.g., JD, MD, DDS, DC, DO) 4%
Total 100%
27. THE MOBILE IDENTITY COMPANY 27 @TELESIGN TELESIGN.COM
What is the highest level of education that you have completed?
UK
N=1,016
Entry Level Certificate 1%
GCSE/’O’ Level 22%
AS/A-Level 16%
Certificate of Higher Education 7%
Diploma of Higher Education / Foundation Degree / HND 12%
Bachelor’s Degree / Honours Degree 22%
Postgraduate Certificate 1%
Postgraduate Diploma 3%
Master’s Degree 9%
Doctoral Degree 2%
Professional degree (MD, JD) 2%
Other 3%
Total 100%
What range best describes the combined annual household
income of all members of your household?
US
N=1,004
$0 to $24,999 12%
$25,000 to $49,999 26%
$50,000 to $74,999 24%
$75,000 to $99,999 19%
$100,000 or more 19%
Total 100%
What range best describes the combined annual household
income of all members of your household?
UK
N=1,016
£0 to £20,000 24%
£20,000 to £29,999 21%
£30,000 to £39,999 17%
£40,000 to £49,999 12%
£50,000 to £59,999 8%
£60,000 to £69,999 6%
£70,000 or more 11%
Total 100%
28. THE MOBILE IDENTITY COMPANY 28 @TELESIGN TELESIGN.COM
What is your primary employment status?
US
N=1,004
UK
N=1,016
Total
N=2,020
Full-time (employed or self-employed) 48% 45% 47%
Retired* 10% 19% 15%
Part-time (employed or self-employed) 13% 15% 14%
Full-time homemaker 8% 8% 8%
Student* 10% 5% 7%
Not currently employed* 7% 4% 6%
Disabled 3% 3% 3%
Total 100% 100% 100%
*p<.01