Americans ignorant on cybersecurity, Pew poll shows

A large majority of Americans can pick the strongest password off a list, but two-thirds don't know what the green padlock their browser means, according to new data from Pew.

Most Americans don’t understand the security measures that can keep them safe online, according to new data from the Pew Research Center.

A survey published Wednesday shows a large majority of Americans can pick the strongest password off a list and know that public WiFi isn’t safe. But only a third knew what HTTPS (the green padlock next to the web address bar) means, and only one in ten could distinguish two-factor authentication from other forms of login security.

The survey, of 1,055 American adults, was conducted last June for the center. It consisted of a 13-question pop quiz respondents took online.

The questions “cover many of the general concepts and basic building blocks that cybersecurity experts stress are important for users to protect themselves online,” said the center in an analysis. The multiple choice questions range from selecting the strongest password from a list, to identifying which login screen shows two-factor authentication, as opposed to other forms of non-password security.


The typical, or median, respondent was able to answer just over five questions correctly, the center found — an average of 5.5 correct answers. The most important predictor of success was education. And there was little variation for age.

“Indeed, on a number of these questions internet users age 65 and older are just as knowledgeable as those ages 18 to 29,” states the center’s analysis. For instance, older and younger users are equally likely to be able to identify a phishing attack or pick the most secure password from a list.

But younger users tended to score higher on more technical questions— like whether turning off GPS on a smartphone disables all location tracking.



Overall, 18-29 year-olds correctly answered an average of six out of 13 questions, compared with an average of five among those 65 and older.

But those with college degrees or higher education answered an average of seven of the 13 questions correctly, compared to an average of just four for those with high school diplomas or less.

Three-quarters of respondents (75 percent) correctly picked the strongest password from a list of alternatives that included 12345. Almost as many (73 percent) correctly responded when asked whether a password-protected public wifi is secure enough to conduct banking or other sensitive transactions on (it isn’t).

But of the four questions were answered correctly by one third or fewer of respondents, three of them relate to security measures that experts believe are vital to online safety: The secure hypertext protocol known as https; the use of virtual private networks or VPNs; and the use of two-factor identity authentication.

The four questions were:

  • Correctly identifying the meaning of the green padlock-in-the-browser and the internet address beginning https from a list of four alternatives — answered correctly by just 33 percent of respondents
  • Picking the correct definition of a botnet from a list — 16 percent
  • Knowing that a VPN protects your internet traffic on a public wifi connection —  13 percent
  • Correctly distinguishing the login screen that shows two-factor authentication via SMS text from screens that show other additional security measures — 10 percent This question was also answered incorrectly by 71 percent of respondents, more than three times as many as the next most frequently wrongly answered question.

The center says that it’s online survey was carefully weighted to include Americans without internet access.

“The survey was conducted in English and Spanish by the GfK Group using KnowledgePanel, its nationally representative online research panel,” the center says in a note on its methodology.

KnowledgePanel members are recruited over the phone and via mail and “KnowledgePanel provides internet access for those who do not have it and, if needed, a device to access the internet when they join the panel,” states the center.

The survey had a margin of error of plus or minus 3.2 percentage points for results based on the full sample.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at

Latest Podcasts