Microsoft: Few people take multiple steps to protect online data

More and more online companies are offering ways for users to better protect their online data from hackers and malware, via methods such as two-factor authentication, better password generation and more. However, a new survey by Microsoft shows that only a few people are taking steps to better protect their online data and identity.

The survey comes as part of Microsoft's second annual Microsoft Computing Safety Index. In a press release, Microsoft said it polled 10,000 PC, smartphone and tablet users in 20 countries. While 55 percent of the people who were surveyed had more than one online risk, just 16 percent of them say they took multiply steps to protect themselves from online threats.

While 45 percent of the people who were surveyed worry about online identity theft happening to them, just 34 percent have a PIN they use to unlock their mobile device. While 48 percent of those polled say they worry about computer viruses, 53 percent actually have anti-virus programs installed on their PC, while 44 percent use firewalls.

Microsoft offers up a number of suggestions to better protect your online data, including the use of stronger passwords, locking your mobile phone with a PIN, not playing bills or shopping on a public computer or open WiFi network, and reducing spam messages in your email inbox.

Source: Microsoft
Password image via Shutterstock

Report a problem with article
Previous Story

Digital artist creates Instagram for Windows Phone concept

Next Story

Skype starts offering way to pay for credits via mobile phone bill

11 Comments

Commenting is disabled on this article.

I use a password manager now. It isn't foolproof, but all my important sites have randomly generated passwords. I remember a few too. Additionally, I don't store my bank details anywhere (not even on the password manager).

I don't use a PIN but I think I will start doing so.

I am surprised only around half of PC users have an anti-virus. That is shocking. Less than half have firewalls. I wonder if these same people are aware of MSE and the in built windows firewall?

Well, I use a PIN for my phone SIM so whenever the phone is rebooted it will not get any connection until the PIN is entered; obviously I have a PW for the phone as well but WP only allows a six digit, and only numeric, PW, definitely not enough. A longer, alphanumeric plus special characters should be available. I would like to have the option to use a PW to open Outlook, the desktop app, as well.
Many years ago Norton, when it was still Peter Norton company, had a marvelous program called " For your eyes only" or something like that. The program allowed you to encrypt a file, a folder, an entire HD etc. as well as made them "invisible", protect them with a PW and more.
While Bitlocker and similar programs are very useful I miss the granularity that the Norton software offered.
Of course, as others have pointed out, no software is useful if PW like "password" or "123456" are used, and yes I saw, an unbelievable number of system using such silly PW but making available useful tools to conscious people would help.

You know what's funny is that image is totally relevant to my online security. I have a firewall I've put in my passwords into, and it scans all outgoing packets for those passwords. If my password is sent out, it'll block the packet altogether and notify me.

So unless you encrypt all your network data keyloggers (which seems counter intuitive), then I have a tissue box for you if you ever land on my system cuz you're gonna need it to cry away your loneliness from the outside world.

I don't understand. Presumably you have exceptions in place to actually log into the websites with those passwords? If so, they if those websites get hacked, then you still lose your password? So I am not sure how doing this helps, unless I am missing the point.

djpailo said,
I don't understand. Presumably you have exceptions in place to actually log into the websites with those passwords? If so, they if those websites get hacked, then you still lose your password? So I am not sure how doing this helps, unless I am missing the point.

It's not perfect, but that's not how it works. I'm not adding exceptions at all.

Only websites encrypting the connection will work, because my Firewall won't see my password there. But if a website tries to send my password in plain text over the Internet, my Firewall will stop it. This prevents man in the middle attacks, where someone is listening in on network packets being sent from my computer. And if I do happen to run into a website that doesn't use HTTPS at all, I'll just use a password like abc123 so that none of my other accounts can get hijacked.

So if a keylogger ends up on my system undetected or a script is injected in a website to collect the information typed up, it would have to be designed to encrypt the passwords it collects before trying to send them off. Otherwise, if it's a simple attack, my Firewall will block the network transmission altogether (and I'll be alerted about what's going on).

Hope that makes more sense.

Kunal Nanda said,
This does make sense. How did you add an exception? I generally use Windows Firewall so I am not sure if this is even possible.

I haven't added any exceptions (and I'm not sure I ever will, but I haven't run into a website/program that uses an unencrypted login), but it's just as easy as choosing exclusions by the press of a button (and that lets you enter a website domain, IP address, range of IP addresses, IPv6 address, etc). I'm unsure if Windows' Firewall supports this action (though I assume not).

djpailo said,
Yes, I see how this works. Sounds pretty good. How do you set up something like this? I

For setting it up, I'm using a Firewall called Outpost Firewall Pro (by Agnitum), and I purchased the Lifetime subscription for it (it's basically an Internet Security Suite, but without the Antivirus, which I'm just using Defender for). They offer a pretty robust free product, but I'm unsure if it offers this feature. It also has a 30-day free trial of the full version. If you do get Outpost, I recommend leaving it in "Rules Wizard" mode so that it prompts you about each program's actions, to allow them, block them, block and kill it, or allow/block it once. Otherwise it'll allow most Internet connections or block most of them by default (without notice).

So if you install it, you goto Advanced Settings > ID Block, and check "Block Private Data Transfer" then click Add, put in the info, and choose OK. This also lets you block credit card numbers and choose whether to replace them with asterisks or block the packet altogether.

"Microsoft offers up a number of suggestions to better protect your online data, including the use of stronger passwords"

They should start allowing more than 16 characters for MS account/outlook.com passwords, plus, "space" doesn't work..

Drossel said,
They should start allowing more than 16 characters for MS account/outlook.com passwords, plus, "space" doesn't work..

Exactly. There are countless warnings about using strong passwords yet so many websites and services have incredibly arbitrary restrictions, like low character counts or not allowing most special characters. It really is unacceptable. It's even worse when a website doesn't even tell you certain characters aren't allowed. I use a random password generator and when I changed my Twitter password after the last security breach it allowed me to paste in a new password I had created but didn't recognise it when I went to login - it turns out it doesn't like certain special characters.

There should be an international standard for password strength that companies have to comply with, as currently it varies radically from company to company.

I'm surprised the number is that high. I had one (well actually not just one this happens ALL the time) customer that wanted me to help them with their email. I asked them what their password was, she looked it up. She said "Ok I found it, the password is "welcome".

*Facepalm"

I had this other customer who's sons facebook account got hacked. I told him to change his password. After they changed it, I asked her "What was your sons password before?" she said .. "football"

*facepalm*