Internet security: are users ready to counter cyber threats?

The number of Internet users in Russia is growing rapidly: in the fall of 2014, the monthly audience of the RuNet reached 72.3 million users, which accounts for 62% of the population of the Russian Federation. The amount of user data on the network is also increasing, because today almost everything can be done online, from paying utility bills to buying airline tickets. At the same time, the number of cyber threats is growing. Last year, Heartbleed, Shellshock, the leak of nude celebrity photos from iCloud and many other IT incidents made headlines around the world. Russians are in greater danger than foreign users: according to Kaspersky Lab, in the second quarter of 2014, Russia ranked first among the countries in which users were most at risk of infection via the Internet.

But is the level of knowledge about how to counter cyber threats growing as well? Especially considering that today, as a result of an account being hacked, you can lose much more than at the dawn of the RuNet? Many experts believe that a huge number of users still neglect the elementary rules, and with their carelessness effectively negate all the efforts made by online services to improve security.

We analyzed how Russian users ensure their safety on the Internet, and also found out how often they encounter fraud. The online survey, conducted with the involvement of research company Nielsen, covered 1,783 people aged 15 to 64 who live in cities with a population of over 100 thousand people and use the Internet at least once a week.
Connection Security Check


One of the ways to protect your login and password when working with various Internet services is to use a connection encrypted with the HTTPS protocol. You can check whether a secure connection is enabled on a site in the address bar of the browser; as a rule, it is indicated by a lock icon (depending on the type of browser). This check also helps you verify that the site is not a phishing site.

The study showed that in almost half of the cases, users do not check for the secure connection icon when entering personal data in mail and social networks. When making online payments, however, they check for a secure connection almost twice as often. In general, it can be said that users of online services do not attach much importance to the presence or absence of the secure connection icon.



Occasionally, when visiting various sites, users are faced with a site security certificate error message. Such errors may mean that someone is trying to deceive the user or intercept the information transmitted to the server. When such a message appears, it is recommended to stop working with the suspicious resource. The majority of users (three quarters) have encountered such messages. At the same time, 21% of them continued to work with the site. Interestingly, users under the age of 34 pay attention to the security certificate error almost half as often and continue to work with the site.



To access both e-mail and social networks, users usually use bookmarks in the browser or links on the quick access page. This method is more secure, because the user is protected from typos that could lead to a fraudulent website. However, every tenth user types the address into the browser's address bar.



Passwords used


Obviously, for the most important services, it is recommended to use unique passwords. After all, hacking third-party resources is the main way to steal accounts. Large services are constantly working to enhance their security, while many small forums, torrent trackers and online stores neglect such things - and hackers, knowing this, attack them. If, when registering on a weakly protected resource, a person has specified the same password that he uses for mail, then if that resource is hacked, the hacker automatically gains access to the mailbox. The survey results show that 12% of respondents use the same password for all accounts. 36% of respondents use different passwords for the most important accounts and the same password for the least important ones.



According to the results of our research, a RuNet user has three email inboxes on average. Below we consider separately the use of the main mailbox (the only one, or the one most often used for personal purposes) and of additional mailboxes.

Since it is quite difficult to come up with different passwords for all accounts, many experts recommend using unique passwords for the most important ones, including mail and social networks, and the same password for the others. However, 24% of email users use the password from the main mailbox on other resources; of these, about two thirds use the same password in social networks (62%), 27% in online stores, and 25% in an additional mailbox.

Ideally, passwords should be changed every three months. However, only one-fifth of the respondents do this. It is noteworthy that 22% of the research participants have never changed the password for their main mailbox, and every third has never changed it for an additional one.



Users rarely change their passwords on social networks - 38% change their password no more than once a year, and 18% never change it at all.



According to modern security standards, a strong password must consist of at least eight characters and be a combination of upper- and lower-case letters, numbers and special characters, chosen at random or according to a principle understandable only to the user. Only 26% of respondents use a password consisting of symbols, letters, and numbers. For most users, the password consists only of letters and numbers. 37% of respondents use only lowercase letters in the password. Moreover, among owners of relatively short (less than 8 characters) passwords, such carelessness occurs almost one and a half times more often than among those whose password consists of 8 characters or more (44% and 32%, respectively). 43% of respondents use passwords from 6 to 8 characters long. 27% - from 9 to 10 characters. Only 26% of users have passwords longer than 10 characters.



Almost a third of users use an arbitrary set of letters as their password (29%), and another 27% use a word they invented themselves. 17% prefer to use a Russian word typed in Latin letters, which is an insecure option, since attackers also know how to switch the keyboard layout. Among those whose passwords contain numbers, 17% use a date of birth (their own or that of someone close), and 5% use a phone number.



Most users remember their mail and social network passwords by heart; about 30% write them down on paper. Only 3% of users use special applications for storing passwords.



The quality and frequency of password changes depend mainly on the user. However, today Internet services have the opportunity to influence the level of complexity of the passwords to be set. Many resources do not allow the creation of short
In addition, in the process of creating a password, an assessment of its level of complexity is displayed and advisory prompts pop up, calling for the use of upper and lower case letters, numbers and special characters.
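
A registration-time check along the lines described above, written here as an added example (it is not code from the article or from any service it mentions): it applies the article's composition criteria and also flags a Russian word typed on a Latin keyboard layout. The function names and the four-word list are constructed for illustration; a real service would use a full dictionary.

```python
# Added example: password assessment using the criteria stated in the article.
# Names (assess, layout_switched_word) and SAMPLE_WORDS are assumptions.

# Each QWERTY key and the ЙЦУКЕН letter printed on the same physical key.
LATIN = "qwertyuiop[]asdfghjkl;'zxcvbnm,.`"
CYRIL = "йцукенгшщзхъфывапролджэячсмитьбюё"
TO_CYRILLIC = str.maketrans(LATIN, CYRIL)

# Constructed stand-in for a dictionary of common Russian words.
SAMPLE_WORDS = {"пароль", "привет", "любовь", "солнце"}


def layout_switched_word(password, words=SAMPLE_WORDS):
    """Return the Russian word the password spells on a Russian layout, or None."""
    decoded = password.lower().translate(TO_CYRILLIC)
    # Keep only letters so that digits or symbols added around the word
    # (e.g. "ghbdtn2014!") do not hide it.
    core = "".join(c for c in decoded if c.isalpha())
    return core if core in words else None


def assess(password, words=SAMPLE_WORDS):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    findings += [f"no {name}" for name, present in classes.items() if not present]
    word = layout_switched_word(password, words)
    if word:
        findings.append(f"Russian word '{word}' typed in Latin layout")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the survey.
    for candidate in ("gfhjkm", "Ghbdtn2014!", "T7#vQx9!Lm2z"):
        print(candidate, "->", assess(candidate) or "no findings")
```

The second sample satisfies every composition rule and is still flagged, which is why a layout-aware dictionary check is worth running alongside the length and character-class rules.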

Security measures when using online services


We were also interested in what security measures users of various Internet services take: what methods of password recovery they use, how they treat links that arrive by mail, and how they assess the security of their accounts. Separately, questions were asked about the security measures that users most often resort to when making online payments.

Today, the safest way to recover a password is to link the account to a mobile phone number. This method of password recovery for the main mailbox is used by 68% of respondents. Fewer respondents, 41%, link an additional mailbox to a phone number. Most often, a secret question is used to recover the password for an additional mailbox, which is much less secure than a phone number, since it is, in fact, just another password.



One of the common methods of hacking accounts is phishing. A typical example: a user is sent a link to a site disguised as the authorization page of a popular resource. The person enters the username and password, which immediately fall into the hands of the attacker. Therefore, you need to be very careful with links that come from unknown senders: it is better not to open them at all, or at least to check the address of the site. The results of the study suggest that users are wary of links that arrive in the main mailbox: 74% in such cases always carefully check the address before clicking on the link. But at the same time, people are less careful about the security of an additional account: they change the password less often and link it to a phone number less often, preferring a secret question for recovery.



Consider the security measures that users most often resort to when making online payments. First of all, they study information about the online store on the network (60%). 27% try not to make purchases in stores on free hosting. 17% verify the certificate of authenticity issued by the site. Another 17% use a virtual keyboard to protect themselves from keyloggers.



In addition to users' knowledge of possible security measures, we were interested in their opinion of how well protected their mail and social network accounts are. Nearly half of users think their accounts are safe. About a third are concerned about the vulnerability of their email accounts, considering their mailboxes “completely unprotected” or “rather unprotected”. The security of the main and additional mailboxes is, on average, rated the same.



Social network users are no longer confident in the security of their accounts. In addition, nearly two-thirds of users fear that the information they publish on social networks may fall into the hands of fraudsters.



Fraud experience


Today, tens of thousands of people face Internet fraud every day. “Fraud” here means the theft of an account password and/or the sending of spam on behalf of the user in mail or a social network, as well as fraud in online payments (for example, debiting funds from a card). Many experts believe that users most often suffer from their own carelessness, nullifying the efforts of Internet companies to improve security. This is confirmed by the results of our research. A quarter of the study participants have had the password for their main mailbox stolen, and 9% have had it stolen repeatedly. 17% of respondents have had the password for an additional mailbox stolen.



Our respondents are more likely to encounter fraud on social networks than when using mail or making online payments. Almost half of social network users (48%) have had passwords stolen, 58% have received fraudulent messages, and half have had spam sent on their behalf.





Most users fell victim to fraud for three reasons: they used simple passwords, downloaded viruses, or followed links to fraudulent sites. With online payments, a simple password is less often the cause of an encounter with fraud.



Online fraud: who runs into it? Socio-demographic user profile


Online fraud is most often faced by unmarried people aged 15-34. Among them there are more women than men. People over the age of 45 most often say that they have not encountered online fraud. Usually they are married or in a civil marriage. Among them there are somewhat more men than women.





Findings


In general, it can be stated that users are still not closely monitoring their security on the Internet. Almost two thirds of online service users (64%) have at some point been victims of fraud. Among the causes, victims most often cite a simple password, a downloaded virus, or following a link to a fraudulent website. Almost half as often, users say that they suffered because they used one password on several services or because they responded to a fraudulent message. Among victims of online service fraud, there are more unmarried users aged 15–34.

When entering personal data (for example, login or password), almost half of users of online services (mail, social networks) do not check for a secure connection.

Every fifth user has never changed the password for the main mailbox, and every third user has never changed the password for an additional mailbox. Users rarely change their passwords on social networks: 38% change their password no more than once a year, and 18% never change their password at all.

Almost a quarter of email users use a password from the main mailbox on other resources, of which 62% are on social networks, 27% on online stores and 25% on an additional mailbox.

Users tend to treat the security of an additional mailbox less carefully compared to the main one: they change the password less often, use the phone number binding less often, preferring a secret question for account recovery.

Only a quarter of users use the most secure kind of password, consisting of special characters, letters and numbers. 43% of users have a password no longer than eight characters, consisting of letters and numbers (without special characters). Slightly more than a third of users (37%) use only lowercase letters in the password. As for the numbers used in the password, 16% choose a date of birth - their own or that of loved ones. As for the letters in the password, every sixth user chooses a Russian word typed in Latin letters, 8% - a last name, first name or middle name, 7% - a few words in a row.

29% of users use an arbitrary set of letters as a password and 27% use a word they invented themselves.

43% of respondents use passwords from 6 to 8 characters long. Just over a quarter (27%) use passwords from 9 to 10 characters long. However, it can be assumed that this is mainly due to the fact that today many online services do not allow the user to enter a short and too simple password (for example, when registering in Mail.Ru Mail or creating a new profile in Odnoklassniki, the user will not be able to enter a password shorter than six characters and consisting only of letters).

To recover the password from the main mailbox, most users (68%) use the binding to the phone number.

Users are wary of links that come to the main email box: almost three-quarters of the respondents (74%) in such cases always carefully check the address before clicking on the link.

Source: https://habr.com/ru/post/252091/