adobe security survey · passwords • fewer than one fourth of people use distinct passwords for...

Adobe Security SurveyOctober 2016

Edelman + Adobe

EDELMAN INTELLIGENCE

Methodology

© COPYRIGHT 2016 DANIEL J EDELMAN INC.

I N TROD U CTI ON

Who?How many?

How?Nationally representative

sample of computer-owning

adults

Total: 2,001

Margin of error: ±2.2%

Millennials (636), Gen X (715), & Baby Boomers (650)*:


Men (1,003) & Women (998)


Online Quantitative

Survey

Coinciding with National Cyber Security Awareness Month (NCSAM), Edelman Intelligence, on behalf of Adobe, conducted a nationally representative survey of ~2,000 computer-owning adults in the United

States to gain insights into consumer behaviors around software updates, password control, and phishing.

When?September 7, 2016 –

September 16, 2016

*For the purposes of this study, Millennials are ages 18-34, Gen Xers are ages 35-54, and Baby Boomers are 55 or older


Key Findings Software Updates

• Almost two thirds of people update their software immediately

• Security and crash control are top reasons for updating software

• For those who do not update their software (a small subset), the top reason is they don’t trust that the update is legitimate

• Perceptions around software updates are genuinely positive

Passwords

• Fewer than one fourth of people use distinct passwords for each of their accounts

• Many people store their passwords where others can find them

• A majority of people do not update passwords regularly or frequently

Phishing

• While almost three fourths of people say they can identify phishing emails, more than one third believe they have been victims of phishing

• Four out of ten people would still open an email from an unknown sender, with Millennials the most gullible

© COPYRIGHT 2016 DANIEL J EDELMAN INC.4

Software Updates


Most people update their software when updates are first released

D ETA I L ED FI N D I N GS

Q1: Do you typically update the software on your computer when new updates are released? A software update is a (generally free) download that provides fixes for features that aren't working as intended or for security issues, or that adds minor software enhancements or compatibility with other software or hardware. Software updates are typically available directly through the software program or via the software maker’s website.

64%

30%

4% 1%

Yes, I do It varies depending on what the update is/is for

No, I don’t I’m not sure

Tendency to Update Computer SoftwareShowing total


Among those who typically update their software, security and crash prevention are top determinants


Q3: You mentioned you typically update the software on your computer when new updates are released. Which, if any, are your reasons for doing so? Please select all that apply.

68% 68%62%

55%

36%

25%

It is important to install updates to keep my

computer safe and secure from hackers

Updating ensures my software is free of bugs and

runs more smoothly / crashes less often

I want to make sure all my devices, softwares,

programs, etc. remain compatible

I want to make sure I have the latest and greatest

features

I assume I have to or else I would compromise the

effectiveness of my software

I get sick of the reminders to update my software

Reasons for Updating SoftwareShowing those who typically update their software


Among the 1 in 3 who update their software on a variable basis, the types of fixes/improvements provided in an update are a determining factor


Q2: What criteria do you consider when deciding whether or not to update your software? Please select all that apply.

63%

52%

52%

47%

46%

46%

40%

4%

The fixes or improvements provided in the update

How busy I am at the time

New features provided in the update

The time it takes to download/install the update

The software program

The software functionality

The software provider

Other

Decision-Making Criteria for Updating SoftwareShowing those whose updating habits vary


Among the vast majority who typically update, a plurality choose to be prompted as updates become available


Q5: How do you typically update your software?

41%

34%

12%

9%

3%

0%

I typically choose to be prompted when new software updates are available

If the software has the option to install updates automatically without me being prompted or having to take any action, I choose this option

It varies depending on the software

I manually check for updates (e.g., via the menu option in the software itself or on the company's website)

I didn’t know there was more than one way to update software

None of the above

Typical Software Update MethodsShowing those who typically update their software

Baby Boomers who typically update their

software are more likely to choose automatic updates than Millennials (38% BB,

34% GX, 31% Mill)


Among those who typically update their software and choose to be prompted as updates become available, 1 in 3 update on the first notification; most require between 2 and 5 notifications


Q8: If you receive update notifications, approximately how many times (on average), do you need to see a prompt to update the software on your computer before you actually do it?

36%

39%

21%

2%

2%

0%

0%

1

2

3 to 5

6 to 10

More than 10

I never update software on my computer

I update software on my computer but I don't receive update notifications/prompts

Average Number of Notifications Needed Before UpdatingShowing those who typically update their software and choose to be prompted when updates are

available

2 - 5

Major generational decline in updating after one prompt:

Millennials least likely to do so and Baby Boomers most likely (23% Mill vs 39% GX & 45% BB); Millennials are more likely to

need 3-5 notifications than their older counterparts

(30% Mill vs 21% GX & 12% BB)

First notification

Reminders


Of the small subset of respondents who do not typically update their software*, the # 1 reason cited is a concern an update may not be legitimate


Q6: You mentioned you typically don’t update the software on your computer when new updates are released. Which, if any, are your reasons for not doing so? Please select all that apply. *Note: N is under 100, and therefore data is directional in nature

35%

27%

26%

26%

25%

25%

19%

17%

17%

2%

I don't always know if an update is legitimate vs a virus/malware/from a hacker

The timing of updates is often inconvenient (e.g., when I am in the middle of something)

I don't understand what software updates do

Updating takes too long / I don’t have time

Someone else updates my software for me

I don’t care about having up-to-date software

I don't think there is a benefit to updating my software

Installing updates can slow my computer down or make it crash

I forget to actually install them

I don't trust the software company providing the update

Reasons for Not Updating SoftwareShowing those who do not typically update their software*

(31 respondents)

(24 respondents)

(23 respondents)

(23 respondents)

(22 respondents)

(2 respondents)

(22 respondents)

(17 respondents)

(15 respondents)

(15 respondents)


A majority are equally or more diligent in updating mobile devices vs computers


Q10: Compared to your computer(s), are you more or less diligent when it comes to installing updates on your…?

35%

48%

17%More diligentEqually diligentLess diligent

18%

58%

24%

Compared to their computer(s), consumers are…

when it comes to installing updates on their…

Smartphone TabletMillennials are most likely to be more diligent in updating their smartphones (45% Mill, 34% GX, 20% BB) and more likely than Baby Boomers to be more diligent

in updating their tablets (22% Mill vs 15% BB)


People recognize the importance of software updatesD ETA I L ED FI N D I N GS

Q9: Please complete the following sentence with the answer that best matches your opinion: I find updating software to be…?

3% 19% 20% 38% 21%

I Find Updating Software to be…Showing total

A total nuisance. They interrupt my computer use, so I hardly ever accept

software updates.

Somewhat inconvenient. I usually delay software updates until it’s

absolutely necessary.

Helpful. It reminds me that I need to update my software so I can

continue to be productive.

78% value software updates

Important. Having up-to-date software helps me protect my files and personal

identity.

Absolutely critical. I never want to put my personal or professional

information at risk.

Recognizing the value of updates is lowest among

Millennials (72% Mill, 80% GX, 82% BB); 1 in 4 Millennials find updates somewhat inconvenient


But general knowledge is relatively low…


Q7: To what extent would you agree or disagree with each of the following statements?

11% 7% 8%27% 20%

16% 16% 14%

25%25%20% 26% 30%

24% 33%22% 25% 23%

15% 14%32% 26% 25%9% 8%

I know how to check if any of the software on a computer

needs to be updated

I have a clear understanding of what software updates do

and what the benefits of updating are

I update security software more often than other

softwares

I don’t really understand how software works in general

Downloading software updates can make my

computer more vulnerable

Software OpinionsShowing total

Strongly agree

Somewhat agree

Neither agree nor disagree

Somewhat disagree

Strongly disagree

Baby boomers are less likely than their younger counterparts to know know how to check if software

needs to be updated (49% BB, 55% GX, 58% Mill)

Total Agree 54% 51% 48% 24% 22%


Passwords


Consumers have lots of accounts to keep track of


Q11: Approximately how many password-protected accounts do you have? Please consider accounts such as email, banking, entertainment (e.g., Netflix, social media), shopping, etc.

1%

68%

21%

9%

None 1 to 25 26 to 50+ Not sure…I lost track!

Number of Password-Protected AccountsShowing total


3 in 4 recycle their passwords across various accounts


Q12: When signing up for password-protected accounts, which of the following best characterizes how you choose your passwords?

17%

28%31%

24%

I generally use the same password everywhere

I use unique passwords for my most sensitive accounts (e.g., banking, credit

card accounts, etc.) but for the most part I use the same passwords for my password-

protected accounts

I may use the same password on a few sites, but for the most part, I have unique

passwords for my password-protected accounts

I use a different password for each of my online accounts

Password Selection MethodShowing those with password-protected accounts

Millennials are least likely to use different passwords

for each account (18% Mill, 26% GX, 27% BB)


More than half (53%) use note-based methods to keep track of passwordsD ETA I L ED FI N D I N GS

Q13: How do you keep track of the password(s) for your password-protected accounts? (Please select all that apply)

50%

38%

12% 11% 10%

Memory - I can easily remember my password(s)

I keep a printed or handwritten list close to my computer

I save my passwords in a document on my computer

I use password management software

I keep a list in the Notes app on my cell phone

Ways of Keeping Track of Account PasswordsShowing those with password protected accounts

Note-based methods Note-based methods


Millennials favor memory methods, while Baby Boomers favor note-based


Q13: How do you keep track of the password(s) for your password-protected accounts? (Please select all that apply)

69%

22%17%

52%

35%

9%

29%

56%

5%

Memory - I can easily remember my password(s) I keep a printed or handwritten list close to my computer I keep a list in the Notes app on my cell phone

Ways of Keeping Track of Account PasswordsShowing those with password-protected accounts by generations, significant differences only

Millennials Gen X Baby Boomers

68% of Baby Boomers use note-based password

management (a handwritten list, password document saved on their computer, or list in the notes

app of their phone) vs 49% of Gen X and 42% of Millennials


The most common criteria in selecting passwords is securityD ETA I L ED FI N D I N GS

Q14: Which of the following criteria do you consider when selecting a new password? (Select all that apply)

49%43% 41% 40% 39%

6% 5% 5%

Secure (e.g. a mixture of letters,

numbers and special characters, and more

than 10 characters)

Meets the advice or requirements of the

website or app

Meaningful to me, but not to anyone

else

Hard for others to guess

Easy to remember No special characters Sentences instead of words

Short (no more than six characters)

Password-Selection CriteriaShowing those with password-protected accounts

Baby Boomers are most likely to rely on website and app requirements to select

their passwords; Gen X is least likely, with Millennials falling in-between

(44% Mill, 36% GX, 48% BB)


But no matter the standard, the majority doesn’t update passwords regularly or frequently


Q15: On average, how often do you change your passwords?

34%

28%

10%

14%

8%

1%4%

Rarely (less often than once a year on average)

Regularly (on average at least once a year)

Frequently (on average at least once every

month)

Only when prompted by the site

Only if I forget my password and have to

reset it

It depends on the account

Never

Frequency of Password ChangesShowing those with password-protected accounts

Millennials are most likely to admit they rarely change their passwords

(39% Mill, 29% GX, 33% BB); Gen X more likely to change passwords

regularly than Millennials (31% GX, 24% Mill)


Phishing


Most believe they can identify phishing Millennials are most confident


Q20: Do you believe you are generally able to tell a phishing email from a legitimate email? Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a legitimate, reputable entity or person in email, IM or other communication channels.

70%

11%

18%

Yes

No

Unsure

Perceived Ability to Identify Phishing EmailsShowing total

Millennials are considerably more likely to believe they can identify a phishing email than

their older counterparts(80% Mill, 69% GX, 63% BB)


Yet nearly 4 in 10 believe they may have been victims of phishing


Q22: Do you believe you have ever been the victim of phishing?

19% 19% 19%

43%

Yes, I know I have Yes, I believe I have but am not certain I have no idea No, I do not believe I have ever been a phishing victim

Phishing VictimizationShowing total

38% say YES

Millennials are more likely than their older counterparts to say they have not been victimized

(49% Mill, 41% GX, 40% BB)


With emails, people are suspicious of many different items; whether or not the sender is known is a key indicator


Q21: What criteria do you use to determine whether an email is legitimate or not? Please select all that apply.

67% 66% 63%58% 58%

54%50% 49% 46%

Whether or not I know the sender

Email address of sender

Email requests personal

information

Subject line Name or title of sender

Email discusses money, banking, or

finances

Presence of unrequested attachments

Presence of unrequested links

Address of unrequested links

Criteria Used to Determine Email LegitimacyShowing those who believe they can identify a phishing email


But 4 in 10 would open an email from an unknown sender Millennials are most likely to take actions that may put them at risk


Q16: Do you typically open emails you receive from unknown senders?

8%10%

22%

1%

15%

44%

Yes, I always open the emails I receive

Yes, but only if the subject line or email

preview content interests me

Yes, but only if the email appears

legitimate despite the fact that I do not

personally know the sender

Yes, for another reason Only by mistake No, I never open emails from unknown senders

Behavior Around Opening Emails From Unknown SendersShowing total

41% say YES

More than half of Millennials open emails from unknown senders (52% Mill, 38% GX, 33% BB);

Half of Baby Boomers never open emails from unknown senders, even by mistake (34% Mill, 46% GX, 50% BB)


1 in 3 would be more likely to open an email if it appeared to be from a service they use – a common ploy among phishers


Q17: What would make you more likely to open an email from an unknown sender? Please select all that apply*Answer choice asked of those who work full or part time only

33%

25%

15%

10%

10%

9%

4%

41%

If the sender appeared to be affiliated with a service I already use (e.g., my bank, asocial media site I belong to, etc.)

If the sender seemed important (for example, emails from job recruiters, etc.)

If the subject was about re-setting an account password – I want to make sure no onehas hacked my accounts.

If the subject line or email preview discussed financial matters – I want to make sure Idon’t accidentally ignore something important.

If it were sent to my work email – I want to be sure I’m on top of all my workcorrespondence.*

It was sent to my personal email – I’m always connecting with new people and want tomake sure I don’t miss any opportunities.

If there was an attachement included

None of the above

Scenarios That Would Increase Likelihood of Opening Emails From Unknown SendersShowing total


Millennials are the most likely to open email from an unknown sender


Q17: What would make you more likely to open an email from an unknown sender? Please select all that apply

39% 37%

21%

13% 15%12%

8%

26%30%

24%

12%8%

11% 9%4%

43%

29%

14% 12%8%

4%8%

2%

53%

If the senderappeared to beaffiliated with aservice I already use

If the sender seemedimportant

If the subject wasabout re-setting anaccount password

If the subject line oremail previewdiscussed financialmatters

If it was sent to mywork email*

If it was sent to mypersonal email

If there was anattachment included

None of the above

Scenarios That Would Increase Likelihood of Opening Emails From Unknown SendersShowing total by generations

Millennials Gen X Baby Boomers


Nearly half of those who would open an email from an unknown sender would also click on a link in the emailThis rises to more than half of Millennials


Q18: Do you typically click on links in emails you receive from unknown senders?

7%

13%

27%

13%

39%

Yes, I always click on the links in emails I receive

Yes, but only if the linked site or content interests me

Yes, but only if the email appears legitimate despite the

fact that I do not personally know the sender

Only by mistake No, I never click on links in emails from unknown senders

Behavior Around Clicking Links in Emails From Unknown SendersShowing those who open emails from unknown senders

47% say YES

Among those who open emails from unknown senders, Millennials are most likely to click links

present (54% Mill, 49% GX, 37% BB)


4 in 10 would open an attachment Again, half amongst Millennials


Q19: Do you typically open attachments you receive in emails from unknown senders?

6%10%

24%

10%

50%

Yes, I always open the attachments in emails I receive

Yes, but only if the email subject line, the file name or the attachment description

interests me

Yes, but only if the email appears legitimate despite the

fact that I do not personally know the sender

Only by mistake No, I never open attachments in emails from unknown

senders

Behavior Around Opening Attachments in Emails From Unknown SendersShowing those who open emails from unknown senders

40% say YES

Among those who open emails from unknown senders, Millennials are nearly twice as likely as

Baby Boomers to open attachments present (50% Mill, 42% GX, 26% BB)

Thank You

adobe security survey · passwords • fewer than one fourth of people use distinct passwords for...

Documents