What people think about passwords, email snooping and personal data
Posted on 24 February 2014.
At the RSA Conference in San Francisco, Fortinet published new research that shows where Millennials and Gen-Xers stand in regards to passwords, online marketing practices, email snooping, and their personal data.

Based on findings from an independent U.S.-based survey of 150 Gen X (ages 33-48) and 150 Millennials (ages 18-32) with a 50/50 male/female split, the survey revealed 41% of both Millennials and Gen-X never change their online password or only change it when prompted.

Of the respondents who signaled they are vigilant about changing their passwords, 16% (19% Millennial, 13% Gen-X) change them once a month, 30% (25% Millennial, 35% Gen-X) change them every three months and 9% (11% Millennial, 7% Gen-X) change them at least once a year.

When asked if they had a password to access their phone, 57% said they did, while 43% said they did not. Apparently, Gen-X is more trusting in this regard, with 49% saying they do not use a mobile device password, while a fewer number of Millennials (37%) admitted to not having a password on their device.

Of those who admitted to using a password on their mobile device, the most popular type by far was the simple 4-digit pin (numeric password), taking the top spot at 47%. Complex passwords, such as alphanumeric, letters and numbers, came in second with 26%. This was closely followed by pattern (i.e., triangle, square) at 21%. And in last place was biometric (i.e., facial recognition, fingerprint) at 5%.

With regard to how respondents handled passwords for the Internet accounts they use, it appears many are getting the message that itís important to have different passwords for every site that requires one, but thereís still room for improvement.

40% of all respondents said they have a different password for every online account they use, 46% admit to having different passwords for at least a few of the sites they visit. 7% use different passwords for their most sensitive accounts and another 7% are using the same password for all accounts.

The value of personal data

To determine the value of personal data, we asked the group to rank in order of importance the following data types that they would be most afraid of losing; medical information, mailing address, email address, financial statements, educational information, social security number, tax returns, personal files, work files, online passwords, contents of emails, Internet browsing history, online purchasing history and IP address.

Both Millennial and Gen-X groups stated that their social security number was the most important piece of data they were afraid of losing. Both groups also agreed that online passwords ranked third in terms of data importance. But thatís where the similarity ends. Millennials ranked tax returns as second, online purchasing history as fourth and the contents of emails as fifth. Gen-Xers, on the other hand, said their mailing address was the second most important piece of data theyíd hate to have stolen. Internet browsing history came in fourth and work files came in fifth.

"Itís interesting to note that while work emails came in fifth for Gen-Xers, it didnít rank in the top five for Millennials," said John Maddison, vice president of marketing for Fortinet. "This is a tad concerning, especially when you compare Millennial attitudes towards BYOD in the survey we ran last October that found 51% of Millennials would contravene company policies restricting the use of their own devices, cloud storage and wearable technologies for work. Taken together, Millennials are essentially saying, "We donít care what our employers say. Weíll use whatever device we want to at work and if businesses data gets lost or goes missing, too bad."

Email snooping

When asked about the recent NSA revelations 44% of respondents felt that the government agency overstepped its bounds (41% of Millennials and 47% of Gen-X); 20% donít have a strong opinion about their actions (22% of Millennials and 18% of Gen-X); 19% feel that the government is doing whatís necessary to protect our nation and are acting in the best interest of the people (23% of Millennials and 15% of Gen-X); and 17% acknowledged that they donít know anything about whatís going on with the NSA (14% of Millennials and 21% Gen-X).

Applying the NSA snooping revelations to employers, we asked the group how they would feel if their employer inspected their online activity and communications. Only 12% felt they were only doing what was necessary (16% of Millennials and 9% of Gen-X). 38% (37% Millennials, 39% Gen-X) said they were okay with the monitoring only if they were inspecting activity at work for work. 39% of both demographic groups said any type of corporate monitoring is out of bounds. 3% of both groups have no opinion and 8% (5% Millennials, 11% Gen-X) arenít sure how they feel about corporate snooping.

When we ask the group which of the following online activities they expected to be private; personal email, work email, social media posts, text messages, Web history, location info, phone audio, online purchasing history and anything related to the Internet of Things (IoT), 50+% of both Millennials and Gen-Xers believed that all of those activities, except social media posts should be private. 59+% of both groups agreed that social media posts shouldnít have the same expectation of privacy.

Online marketing practices

We asked the group which of the following personal pieces of personal information they would be willing to share with marketers (personal email, personal phone number, postal address, access to social media accounts or none of the above. Personal email address came out on top at 50% (53% Millennials 46% Gen-X). This was followed by none of the above at 38% (35% Millennials, 41% Gen-X). Personal mailing address came in second place at 33% (31% Millennials, 35% Gen-X), which was closely followed by personal phone number at 26% (28% Millennials, 25% Gen-X). And coming in at the bottom of the heap was sharing access to social media accounts at 9% (9% Millennial, 8% Gen-X).

As businesses turn to social media to reach consumers, we asked the group about their social media privacy settings. It turns out 38% (41% Millennials, 35% Gen-X) of respondents say they use very strict privacy settings in their social media applications. 41% (40% Millennials, 43% Gen-X) use privacy settings to limit only certain information, 16% (15% Millennial, 17% Gen-X) use the applicationís default privacy settings and 5% (4% Millennials, 5% Gen-X) donít use any privacy settings at all.

When asked if any of the respondents were at all worried about any of the personal identifying information, such as vacation plans, work info, etc., could be shared or used against them, 28% (27% Millennials, 28% Gen-X) said they were worried, 18% (25% Millennials, 11% Gen-X) are only worried if the information was shared with marketers, 19% (21% Millennials, 17% Gen-X) said theyíre not worried at all, 30% (23% Millennials, 37% Gen-X) said they donít post personal information, while 5% (3% Millennials, 7% Gen-X) donít know how they feel about this.


Crowdsourcing your bug bounty program

David Levin, Director of Information Security at Western Union, talks about crowdsourcing their bug bounty program and the lessons learned along the way.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Mar 30th