DAVID GREENE, HOST:
Your software needs to be updated. Remember the days when if that were true, you might call IT support, maybe go to a computer store, maybe seek some kind of expert? Well now we're so connected through Wi-Fi and networks, we are expected ourselves to download software and manage security and update passwords. And according to a new survey by Google, we are really bad at this stuff. Here's NPR's Aarti Shahani.
AARTI SHAHANI, BYLINE: Take a look at your smartphone or laptop. Are you one of those people who keeps hitting ignore or remind me later when you get that annoying prompt to update software?
NOLAN DARBY: Ignore, never tell me later.
SHAHANI: This is Nolan Darby.
DARBY: I'm trying to read something, and then they'll just pop up, you know? And it interrupts what I'm actually doing. I don't need all those reminders.
SHAHANI: Amelia Kirby and Lisa Handley don't care much for those reminders either.
AMELIA KIRBY: My old phone, when I updated it before, I used to lose contacts. So then I think I got kind of paranoid about doing the updates.
LISA HANDLEY: You don't want to waste the time that you have on your computer to doing a download.
SHAHANI: Like, you're not the helpdesk.
HANDLEY: Exactly, exactly. Thank you (laughter) yeah.
SHAHANI: Donald Mabrey worries that sometimes these notices to update could actually be hackers in disguise.
DONALD MABREY: I mean, I always think about that with anything on these phones these days. Yeah, 'cause I'm hearing that they can turn your phone on and turn it off or they're looking at you right now - even from your smart TVs, I'm hearing things.
SHAHANI: Google is releasing a new study today looking at how regular, non-technical people prioritize online security as compared to the experts. It turns out a deep rift has formed. Yes, expert and lay person believe in a strong password. But after that, things fall apart.
GERHARD ESCHELBECK: Experts prioritize installation of software updates and patches at a level of 35 percent.
SHAHANI: Gerhard Eschelbeck is chief of security for Google.
ESCHELBECK: While non-experts, only 2 percent of them see this as a priority to protect their systems. And that's a pretty stark gap.
SHAHANI: There's a similarly stark gap when it comes to antivirus, the software that's long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Nearly half of the non-experts surveyed say products like McAfee and Norton are key. But among experts like Eschelbeck, just 7 percent agree.
ESCHELBECK: Antivirus has absolutely its place. But it's not, like, the only one solution that people can and should rely upon.
SHAHANI: Especially because antivirus doesn't block the new generation of hacks and targeted attacks that we're seeing. Some security experts even say antivirus is dead, though Eschelbeck thinks that's an overstatement. And when it comes to passwords, making strong ones and storing them, he says there is another gap.
ESCHELBECK: Well, the sticky note certainly hasn't worked in the past. And usually you never find the sheet of paper when you need it.
SHAHANI: About three quarters of experts surveyed use something you've probably never heard of, a password manager. It's a tool that makes up crazy-complicated, 36-digit passwords for any site you want and then stores each unique one in a central vault. This might sound like a bad idea. And irony of ironies...
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED REPORTER: LastPass, which is a password protection service that exists to prevent hacking, got hacked.
SHAHANI: News broke in June. I know because I use it and had to spend an entire evening changing all my passwords. Still, expert Eschelbeck insists...
ESCHELBECK: The password manager clearly is the least amount of risk compared to the alternatives that you have available.
SHAHANI: Online security is not intuitive. It can even be counterintuitive. Eschelbeck says his camp, the experts, have to get better at communicating basic defense. Aarti Shahani, NPR News, San Francisco.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.