New Yubico Survey: Boomers Have Better Cybersecurity Habits Than Millennials and Gen Z

Millennials are twice as likely to reuse their passwords on various shopping sites, leaving them vulnerable to account breaches during a busy holiday shopping season

SANTA CLARA, CA and STOCKHOLM, SWEDEN- October 19, 2023 – Yubico, the leading provider of hardware authentication security keys, today announced the results of the company’s 2023 survey, ‘In a growing era of sophisticated phishing attacks, have people adjusted their cybersecurity hygiene?’ conducted by OnePoll. OnePoll, a leading provider of international market research and data communication solutions, surveyed 2,000 consumers* in the United States and the United Kingdom. 

The purpose of this study is to understand attitudes and perceptions from consumers on cybersecurity across the US and UK, with a particular focus on how different age demographics fare in protecting themselves online. Additionally, the survey aimed to learn if consumers are concerned about protecting their online accounts, and if so, how they are protecting them. 

“While it is technically easy for retailers to implement basic username and password authentication for their customers, these types of credentials alone are easy for attackers to circumvent, allowing unauthorized access to online accounts,” said Ben Eichorst, director of infrastructure security at Yubico. “During busy online shopping months, consumers may be tempted to adopt risky habits such as reusing passwords across services, or clicking on order information links that appear legitimate. These kinds of behaviors put consumers at a higher risk for their accounts to be compromised.” 

Key findings from the research indicate that:

  • While 80% of survey respondents are concerned about cybersecurity when it comes to their online accounts, 39% admitted to using the same passwords for multiple accounts.
    • Boomers are the least likely to reuse passwords (20%), while Millennials are more than twice as likely to reuse passwords (47%) across their accounts. 
  • A significant part of online shopping revolves around trusting an online retailer is who they say they are, and effectively safeguarding your personal and financial information. Despite a mistrust of online retailers, consumers are still storing their personal and financial information on these websites.
    • About one third of respondents (32%) are not confident that they could spot a fraudulent or fake online retailer. 
    • About one in three do not “completely” or “mostly” trust the websites they use to effectively protect their personal/credit card information.**
    • 33% of respondents save their credit card information in their online accounts.
  • The study shows the Boomers have a greater mistrust of websites than Millennials, potentially leading them to have better online privacy practices.
    • 37% of Millennials save their credit card information in their online accounts, while only 19% of Boomers do. 
    • On average, Boomers (42%) are almost twice as likely to feel unconfident in their ability to spot a fraudulent online retailer than Gen Z (23%) and Millennials (29%). 
  • Despite being concerned about cybersecurity, approximately one out of two (49%) respondents stated that they do not use MFA, don’t know what it is or are not sure if they have MFA turned on.
    • As with most other categories, Boomers reported having better cybersecurity hygiene than Millennials, with only 47% of them reporting that they do not use MFA, don’t know what it is or are not sure if they have MFA turned on, compared to 52% of Millennials. 

“96% of respondents in our study plan to shop online between October and December, which makes now an ideal time to review online security habits,” Eichorst continued. “While there is much that can be done to improve security, the first step for consumers is to review existing sign-in methods, creating unique credentials stored in a trusted password manager, and, if possible, upgrading login methods to use strong, phishing-resistant, multi-factor authentication solutions, such as the YubiKey.”

For the full results of the survey, you can download an overview of the report here and the associated infographic here. For more information on Yubico, visit www.yubico.com. For additional tips on how to stay safe online this holiday season, see our latest blog here.

About Yubico

Yubico (Nasdaq First North Growth Market Stockholm: YUBICO), the inventor of the YubiKey, offers the gold standard for phishing-resistant multi-factor authentication (MFA), stopping account takeovers in their tracks and making secure login easy and available for everyone. Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering modern, hardware-based passkey authentication security at scale to customers in over 160 countries.

Yubico’s solutions enable passwordless logins using the most secure form of passkey technology. YubiKeys work out-of-the-box across hundreds of consumer and enterprise applications and services, delivering strong security with a fast and easy experience.

As part of its mission to make the internet more secure for everyone, Yubico donates YubiKeys to organizations helping at-risk individuals through the philanthropic initiative, Secure it Forward. The company is headquartered in Stockholm and Santa Clara, CA. For more information on Yubico, visit us at www.yubico.com.

Contact:

Yubico Communications Team

press@yubico.com

*Data from two double-opt-in surveys conducted by OnePoll on behalf of Yubico. The first survey polled 1,000 U.S. adults on Aug. 30, 2023, and the second polled 1,000 U.K. adults between Aug. 31 and Sept. 1, 2023. The generation breakdown by ages are as follows: Gen Z: 18-26, Millennials: 27-42, Gen X: 43-58, Boomer: 59-77. For each, the margin of error is +/- 3.1 points with 95% confidence. The surveys were conducted by market research company OnePoll, which is a member of the Market Research Society (MRS) and has corporate membership with the American Association for Public Opinion Research (AAPOR).

**Gen Z is not reported here because the results were not statistically significant.

Share this article:


  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreYubiKey