Users approach security in a similar way as they do on their desktop computers. This can be a problem, given the unique vulnerability of a smartphone – the small computer that fits in your pocket. Today, nearly 2.3 billion people use a smartphone.
Keeper conducted a detailed survey of 1,000 smartphone users to determine how they protect their devices and sensitive data. Our findings indicated that password reuse across different applications is frequent, average password strength for mobile applications and websites is low and that most users rarely changed passwords. Additionally, survey respondents rated their overall “trust” in the security of mobile carriers as being low.
The good news is that the risky practice of sharing passwords with others – a bad idea regardless of the platform – is relatively rare. Nearly 64% of respondents said they never share passwords, and another 29% said they share them with no more than two people.
We were also surprised to find that the practice of resetting passwords is quite common. More than 80% of responders said they have reset a password at least once within the last 60 days. Frequent password resets are considered one of the best ways to foil prospective intruders
But the practice may be driven more by necessity than by security awareness. We were surprised to find that 52% of respondents said they store passwords by remembering them. While that tactic is neither reliable nor secure, it’s better than writing passwords down on paper, a practice employed by a sizable 23% of our survey-takers.
When they forget a password, more than three-quarters of mobile users told us they can usually access their account in four or fewer attempts. Ten percent reset their password every time they log on, an awkward but effective practice.
Use of social media authentication – also called Open Authorization or “OAuth” – is common. More than three-quarters of the users we surveyed use OAuth on at least one service, and 45% use it on three or more. While OAuth rocks for convenience, it also may potentially expose personally identifiable information to third-party applications, so be careful.
Technology is there to help, but many people don’t use it. We were surprised to find that 55% of smartphone owners have never downloaded protective software. Of the 45% who have, more than half have used an antivirus or anti-malware solution.
Reuse of the same password across multiple applications is quite common, with nearly 84% of users telling us that they access at least two different applications or websites with the same credentials. We commend the 16% who said they never engage in this practice. On the other hand, the 24% who reuse passwords across a whopping five or more applications are playing with fire. We’re also concerned about the 32% of respondents who said they don’t password-protect their phones at all. This is particularly risky behavior because hackers can turn compromised phones into listening devices or use them to track the location of the phone’s owner via the integrated GPS.
People are generally aware that they’re responsible for protecting their own information. A 46% plurality said their mobile device is the least secure device they use, followed by computers at 41% and tablets at distant third at 17%. By that logic, you would expect that people would regard tablets as their most secure devices. But that honor falls to computers, which 52% regard as their most secure device. Strangely, tablets came in a distant third here as well, at 15%.
Bottom line: Mobile devices require just as much security vigilance as desktops. Our survey indicates that people know that, but they’re not getting of the mobile tools that can guarantee peace of mind.