Research also shows consumer inaction and confusion over social media security
MOUNTAIN VIEW, CA, April 8, 2021 — The FIDO Alliance announced new research today revealing that 45% of consumers have had their social media accounts compromised or know a friend or family member who has. The same research found that almost 60% of respondents were the most concerned about protecting their phones (over another device) when it comes to the security of their social media accounts. Over 4000 people in North America, the UK, France and Germany were polled in March 2021 for the research.
The findings reveal the larger scale of the social media security problem, following several attacks on the social media accounts of high-profile individuals in recent months, including Elon Musk, Bill Gates, Jack Dorsey, and senior NHS leaders. The research shows that these attacks are not limited to the highest profile individuals.
Despite this, the FIDO Alliance research shows that social media hacks are not necessarily prompting consumers to take security action. This research shows that 40% of consumers do not increase security on their social media accounts when they see celebrities, politicians or large companies hacked, but feel like they should.
“You may think that well-known individuals with mass followings are the only target, but our research shows that a much larger number of people have been affected,” said Andrew Shikiar, executive director of the FIDO Alliance. “Social media accounts are prime targets, as they hold so much of a user’s personally identifiable information (PII). Yet, our research shows a disconnect between the need for stronger security for social media accounts and consumer awareness of how to take action.”
The FIDO Alliance research identified a substantial lack of awareness and neglect for the use of two-factor authentication technologies offered by social media service providers. 26% of people said they were either not familiar with two-factor options or not using them. Similarly, some respondents (15%) said they would like to increase the security of their accounts but don’t know how. Another finding which highlights this lack of understanding or awareness on these issues, was the fact that 4 out of 10 people could not make a judgement on whether they believed they were vulnerable or not to a social media hack.
For those who have taken action to better secure their social accounts, creating a stronger password was the most popular method for 50% of the respondents, an action that still leaves them vulnerable to some of the most common and effective attacks, such as phishing.
Shikiar says, “The research is showing us that there is a general lack of awareness among consumers about how to assess their own risk of falling victim to social media hacks. They are also unsure as to what steps should be taken to best protect their accounts. Social media platforms like Twitter and Facebook have made much stronger security options available. Consumers just need to know what they are, how easy they are to use and how to turn them on.”
For consumers that want to increase the security of their accounts, social media platforms provide a number of options with varying levels of protection:
- All social media services offer basic two-factor authentication options via a one-time passcode. Once this is turned on, an SMS code is sent to the user’s mobile device and entered during sign-in. Because SMS codes are still able to be phished, accounts are still vulnerable to targeted attacks.
- For maximum security, social media providers are increasingly adding support for physical FIDO security keys. These are small, portable high-security devices that connect to a phone or computer via USB, Bluetooth or NFC. Simply touching this device during sign-in protects accounts from a targeted attack 100% of the time. Most social media services, including Twitter and Facebook, now offer the option to enable FIDO security keys for mobile and desktop access.
Since its inception, the FIDO Alliance has established technical specifications that are now the trusted standard for user authentication on the devices and web browsers used every day. FIDO Authentication removes the reliance on passwords and stands to turn the tide in the industry’s battle against data breaches and credential theft. In 2020, the Alliance debuted loginwithFIDO.com, a site to inform consumers about FIDO Authentication technologies available to help them secure their authentication processes.
For a full copy of the FIDO Alliance Consumer Research Report: https://fidoalliance.org/social-media-survey.
The survey was conducted among 4,026 Consumers across the UK, US, France, and Germany.
The interviews were conducted online by Sapio Research in March 2021 using an email invitation and an online survey.
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.