Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Security IBM

Consumers Prefer Security Over Convenience For the First Time Ever, IBM Security Report Finds ( 50

A new study by IBM Security surveying 4,000 adults from a few different regions of the world found that consumers are now ranking security over convenience. For the first time ever, business users and consumers are now preferring security over convenience. From a report: TechRepublic spoke with executive security advisor at IBM Security Limor Kessem to discuss this new trend. "We always talk about the ease of use, and not impacting user experience, etc, but it turns out that when it comes to their financial accounts...people actually would go the extra mile and will use extra security," Kessem said. Whether it's using two factor authentication, an SMS message on top of their password, or any other additional step for extra protection, people still want to use it. Some 74% of respondents said that they would use extra security when it comes to those accounts, she said.
This discussion has been archived. No new comments can be posted.

Consumers Prefer Security Over Convenience For the First Time Ever, IBM Security Report Finds

Comments Filter:
  • by supremebob ( 574732 ) <> on Monday February 12, 2018 @05:25PM (#56110961) Journal

    Because you know that some dumbass in the home office is storing their admin passwords in cleartext for everyone to see.

    The security auditors always focus on things like crazy password policies and front end security scans, but it's always something stupid like what I mentioned above that screws it up for the rest of us.

    • by Tom ( 822 )

      Security auditors generally follow a script and the scripts are generally badly written. There are a lot of us security experts out there who have a wider perspective, who knew long before the 2017 NIST about-face that traditional password policies are bullshit, and who smile politely when the security auditors come.

      And if some dumbass stores the admin password in cleartext, or writes it on a post-it, then there's a 90% chance that your password policy is to blame.

  • This is the result of a survey. They asked people. Only 4000 of them. And who knows what the question was?

    The answers are meaningless -- actions speak louder than words. What these survey takers have done is found the right question to ask that 4000 people knew the "right" answer to, and they got the "right" answer even if it didn't match reality. It's called "push polling". The only true way to say that people prefer security over convenience is by counting the number of people who actually USE security

    • Re:Really? (Score:4, Insightful)

      by geekmux ( 1040042 ) on Monday February 12, 2018 @05:45PM (#56111099)

      For example, I am right now trying to recall the password for a gmail account. I can't remember when I created the account, I don't remember the only password the account has ever had so I can't tell them what one of the old passwords was, and even though I enter the code they send me by email they refuse to believe I am me. Right now, security is getting in the way of getting something done.

      They gave you multiple ways to protect yourself from security getting in the way, and the system is the problem?

      Hope this clarifies how much your "example", isn't.

      • Re:Really? (Score:4, Informative)

        by Obfuscant ( 592200 ) on Monday February 12, 2018 @06:13PM (#56111297)

        They gave you multiple ways to protect yourself from security getting in the way,

        If you don't remember the password, asking for the password doesn't protect you from the security. Do you remember when you created every account you have? And why bother sending a "secret code" to another email address if you're just going to ignore it? Those are the three ways they give me.

        Most of the "in the way" is the fact that the web page just hangs after you enter the code. So yes, that's their problem. Otherwise, I said "getting in the way", not whose fault it wasn't working was.

    • If they're looking at this as an either/or question, they're doing it all wrong from the start. Of course most people are educated enough now that they expect some level of security without expecting it to be completely invisible. The trick is figuring out how obtrusive it can be before people will abandon it, and minimizing the user input and slowdown, without a need to completely eliminate either.
    • Only 4000 of them.

      I generally agree with what you wrote, but not this. A sample size of 4000 people is PLENTY. There are a lot of things you can do to make surveys and polls more accurate, like ensuring the respondents are representative of the population, and asking unbiased questions, but "asking more people" makes very little difference.

      Asking a few dozen people would have got them within 5% of the "real" answer, and a few hundred would have an error of less than 1%. So asking 4000 people is way overkill. The problems

  • by Anonymous Coward

    I've worked with end users for 25 years. Security over convenience? 100% BULLSHIT. Not a chance.

    • I've worked with end users for 25 years. Security over convenience? 100% BULLSHIT. Not a chance.

      Exactly. Security has never been a priority over convenience, and asking 4,000 people sure as shit isn't proof.

      • Re:BS (Score:4, Insightful)

        by umghhh ( 965931 ) on Monday February 12, 2018 @06:04PM (#56111221)
        It means something still if public sentiment changes. Even if the difference between what people do and they say is huge if what they now say changes this much the chances are the masses move a bit and some less reckless and more competent of us will maybe prevail few % points more often than before. OC that will not be enough even if it is move in proper direction but better than nothing.
    • versus what they will do. Anyone can say they prefer A over B. But when the time comes will they really choose A. There are many companies out there that have been burned when market research said one thing, but what the customer did was something else. I guess what it comes down to is marketing and advertising. A fear campaign would work. Maybe.

  • by jfdavis668 ( 1414919 ) on Monday February 12, 2018 @05:34PM (#56111041)
    Does this mean people will move on from Windows XP and IE 6? About time.
  • Then people wouldn't use the same damn password on most of their accounts.

    • by skids ( 119237 )

      ...and demand SSO solutions from the IT department. If the trend ever does really reverse, we'll see requests for separating password realms from users... and then end up with an even more complicated SSO solution to accommodate that functionality since apparently so many of them neglected to think to implement that feature in their rush towards "one password that works everywhere."

      Oh, BTW, TFA needs to get a clue. SMS texts are not a NIST approved 2FA mechanism [] anymore, for good reason.

  • complete and utter bullshit. They will happily say that in a survey but when push comes to shove the majority choose convenience over security. this applies to passwords, device configurations and just about any aspect where their is an option that allows convenience.
  • by petes_PoV ( 912422 ) on Monday February 12, 2018 @06:00PM (#56111199)

    Some 74% of respondents said that they would use extra security

    I'll believe this when that actually start doing it.

    People in surveys say all sorts of things. What they actually do is often entirely different. And what they will do in the long term is entirely different again.

  • They asked a guy named Bob Consumers and he thought security should be more important than convenience. Bob Consumers is an only child.
  • Been preaching this for 10+ years: Usability and security are allies, not enemies.

    If your usability is good, your users make less mistakes, which leads to less unintentional issues.
    Phishing is largely a usability thing. I have a couple slides about that, the very short version is that all the info you need to spot a phishing mail is typically hidden, while all the info that lures you in is prominent.
    Proper decision making by users can be guided through usability, to prevent them from doing stupid things.

    • Been preaching this for 10+ years: Usability and security are allies, not enemies.

      "Usability" is not "convenience". Convenience and security truly are enemies; usability and security are orthogonal concepts.

      You can have a website with the best UX in the world, but if the access controls to get there are inconvenient, users will often opt for more convenience in place of security.

      I could PGP sign every piece of email I send from my tablet. The UX is there. It's not convenient, so I don't. (Set up a key pair, publish the right half, teach all my corespondents how to decrypt it, etc. None

  • And they like a bold, rich roast [] too (Yeah, it's Malcolm Gladwell, but the ideas aren't his so it's all good).
  • I used to be a dysfunctional child and now prefer reduced functionality caused by tight security. Privacy Badger is my latest ally in fighting 'the man'.
    When you get to a web page full of blanks that doesn't make a lot of sense you get to realise how much we are being taken for a ride.
    Pictures, videos, tables can be tracking us, they used to be called viruses.
    Now it is just accepted as normal for companies to automatically provide us with what we want to experience.

  • Your link to TechRepublic also leads to 18 potential trackers
    and yes, my blocking broke the video which probably says no more than the text.

  • If the people with preferences do not have the ability to assess if their preferences are being met, they will still use shitty products.

Bell Labs Unix -- Reach out and grep someone.