We all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they think!)
The password problem
- Nearly half of those surveyed (48%) admit to using the same password for more than one account.
- When it comes to the types of passwords people are using, a quarter (25%) use long, unique passwords provided by a third party like a password manager. The other top passwords include a significant date (16%), a pet’s name (13%), or even the word “password” itself (9%).
- Ironically, it was determined that the city that never sleeps – New York City – and its surrounding metro area residents were the most likely to use “password” or a variation of it.
Security: We’re trying… kind of
- The most common ways people protect online accounts are strong, unique passwords (54%), followed by SMS/text message-based two-factor authentication (51%), and passkeys (34%)
- 62% of respondents have set up passkeys (either synced or hardware passkeys like a YubiKey) to protect their online accounts.
Password changes: our favorite pastime
- 39% of Americans have experienced a cybersecurity incident in the past year, with the average person experiencing three such incidents.
- The most common response to an incident was changing passwords (65%).
- However, nearly one in ten (8%) of those who experienced an incident didn’t change anything at all.
Your security step-up starts here
Ready to take action? Yubico’s chief brand advocate, Ronnie Manning, shares the following tips:
- Ditch the reused passwords: Stop using the same password for multiple accounts. Houston, Atlanta, and Denver residents were most likely to admit to this habit – with 54%, 50%, and 50% respectively. Instead, use a password manager to create and store unique, strong passwords for you.
- Embrace MFA: When it’s available, turn on multi-factor authentication (MFA) for your accounts. Los Angeles, New York, and Atlanta metro area residents were the most likely to not turn on MFA when it’s available. MFA adds an extra layer of security beyond just a password.
- Be smart with public Wi-Fi: A large majority of respondents (79%) use public Wi-Fi. Public networks are often insecure and can make you vulnerable to hackers. One of the best ways to secure yourself is to not use public Wi-Fi at all: to ensure your device doesn’t connect to the first available Wi-Fi network without your consent, you can disable Wi-Fi auto-connect in your settings. Using your phone as a mobile hotspot is another great option with little to no risk of connecting to a rogue network.
- Stay skeptical of potential phishing attacks: With the rise of AI, it’s becoming harder to spot phishing attempts. Only 23% of respondents are very confident they can always identify a phishing attempt. Always double-check links and be cautious of emails or messages asking for personal information.
- Use a hardware security key: While only a small percentage of those surveyed currently use them (5%), hardware security keys are the most trusted and highly secure way to protect your accounts from attacks like phishing which increasingly use tools like AI to become more convincing. Security keys removes the responsibility of the user to recognize a potential threat, and proves that the person logging in is the one who’s supposed to be there by requiring a physical touch of the key. Respondents from the Seattle, San Francisco, and Atlanta metro areas are leading the country in phishing-resistance, with these markets being the most likely to say that using a hardware security key is the most secure method for protecting their online accounts.
Curious how your closest city’s cybersecurity habits stack up against the rest? Dive into our full press release to see the surprising results and find out if your neighbors are winning the online security game.
