Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumers Prefer Security Over Convenience For the First Time Ever, IBM Security Report Finds (techrepublic.com)

Posted by msmash on from the how-about-that dept.

A new study by IBM Security surveying 4,000 adults from a few different regions of the world found that consumers are now ranking security over convenience. For the first time ever, business users and consumers are now preferring security over convenience. From a report: TechRepublic spoke with executive security advisor at IBM Security Limor Kessem to discuss this new trend. "We always talk about the ease of use, and not impacting user experience, etc, but it turns out that when it comes to their financial accounts...people actually would go the extra mile and will use extra security," Kessem said. Whether it's using two factor authentication, an SMS message on top of their password, or any other additional step for extra protection, people still want to use it. Some 74% of respondents said that they would use extra security when it comes to those accounts, she said.

11 of 50 comments (clear)

  1. Not that it really matters... by supremebob · · Score: 5, Insightful

    Because you know that some dumbass in the home office is storing their admin passwords in cleartext for everyone to see.

    The security auditors always focus on things like crazy password policies and front end security scans, but it's always something stupid like what I mentioned above that screws it up for the rest of us.

    1. Re:Not that it really matters... by Tom · · Score: 2

      Security auditors generally follow a script and the scripts are generally badly written. There are a lot of us security experts out there who have a wider perspective, who knew long before the 2017 NIST about-face that traditional password policies are bullshit, and who smile politely when the security auditors come.

      And if some dumbass stores the admin password in cleartext, or writes it on a post-it, then there's a 90% chance that your password policy is to blame.

      --
      Assorted stuff I do sometimes: Lemuria.org
  2. They will finally stop using IE 6? by jfdavis668 · · Score: 3, Funny

    Does this mean people will move on from Windows XP and IE 6? About time.

  3. Re:Really? by geekmux · · Score: 3, Insightful

    For example, I am right now trying to recall the password for a gmail account. I can't remember when I created the account, I don't remember the only password the account has ever had so I can't tell them what one of the old passwords was, and even though I enter the code they send me by email they refuse to believe I am me. Right now, security is getting in the way of getting something done.

    They gave you multiple ways to protect yourself from security getting in the way, and the system is the problem?

    Hope this clarifies how much your "example", isn't.

  4. Re:BS by geekmux · · Score: 2

    I've worked with end users for 25 years. Security over convenience? 100% BULLSHIT. Not a chance.

    Exactly. Security has never been a priority over convenience, and asking 4,000 people sure as shit isn't proof.

  5. Never believe what people say. by petes_PoV · · Score: 3, Insightful

    Some 74% of respondents said that they would use extra security

    I'll believe this when that actually start doing it.

    People in surveys say all sorts of things. What they actually do is often entirely different. And what they will do in the long term is entirely different again.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  6. Re:BS by umghhh · · Score: 4, Insightful

    It means something still if public sentiment changes. Even if the difference between what people do and they say is huge if what they now say changes this much the chances are the masses move a bit and some less reckless and more competent of us will maybe prevail few % points more often than before. OC that will not be enough even if it is move in proper direction but better than nothing.

  7. Re:If this were true by skids · · Score: 2

    ...and demand SSO solutions from the IT department. If the trend ever does really reverse, we'll see requests for separating password realms from users... and then end up with an even more complicated SSO solution to accommodate that functionality since apparently so many of them neglected to think to implement that feature in their rush towards "one password that works everywhere."

    Oh, BTW, TFA needs to get a clue. SMS texts are not a NIST approved 2FA mechanism anymore, for good reason.

    --
    Someone had to do it.
  8. Re:Really? by Obfuscant · · Score: 3, Informative

    They gave you multiple ways to protect yourself from security getting in the way,

    If you don't remember the password, asking for the password doesn't protect you from the security. Do you remember when you created every account you have? And why bother sending a "secret code" to another email address if you're just going to ignore it? Those are the three ways they give me.

    Most of the "in the way" is the fact that the web page just hangs after you enter the code. So yes, that's their problem. Otherwise, I said "getting in the way", not whose fault it wasn't working was.

  9. Re:Really? by uvajed_ekil · · Score: 2

    If they're looking at this as an either/or question, they're doing it all wrong from the start. Of course most people are educated enough now that they expect some level of security without expecting it to be completely invisible. The trick is figuring out how obtrusive it can be before people will abandon it, and minimizing the user input and slowdown, without a need to completely eliminate either.

    --
    This is a hacked account, for which the owner can not be held responsible.
  10. Re:Really? by drinkypoo · · Score: 4, Insightful

    (. No system can guard against user stupidity.)

    Users sometimes do stupid things. If you don't account for that, you are failing.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"