Dumb Security Survey Questions

According to a Harris poll, 39% of Americans would give up sex for a year in exchange for perfect computer security:

According to an online survey among over 2,000 U.S. adults conducted by Harris Poll on behalf of Dashlane, the leader in online identity and password management, nearly four in ten Americans (39%) would sacrifice sex for one year if it meant they never had to worry about being hacked, having their identity stolen, or their accounts breached. With a new hack or breach making news almost daily, people are constantly being reminded about the importance of secure passwords, yet some are still not following proper password protocol.

Does anyone think that this hypothetical survey question means anything? What, are they bored at Harris? Oh, I see. This is a paid survey by a computer company looking for some publicity.

Four in 10 people (41%) would rather give up their favorite food for a month than go through the password reset process for all their online accounts.

I guess it's more fun to ask these questions than to poll the election.

Posted on November 21, 2016 at 6:04 AM • 43 Comments

Comments

RabNovember 21, 2016 7:44 AM

I would give up on the idea that online surveys have any validity if it meant I could avoid them for one year.

MarioNovember 21, 2016 7:57 AM

Is it any coincidence that roughly the same number of Americans are married? Perhaps it's not giving up much at all.

scotNovember 21, 2016 8:14 AM

Since many prominent security leaks involve sex, one could argue that giving up sex would in fact increase your security. At the very least, giving up adultery websites, sex tapes, and chatting up underage girls via electronic means would help greatly...

AnuraNovember 21, 2016 8:38 AM

Well, we already know people are willing to give up all their freedoms, oppress and torture others, murder innocent people, and make huge economic sacrifices just for perceived security, so I mean, yeah this stuff is just dumb.

brianNovember 21, 2016 8:59 AM

> nearly four in ten Americans (39%) *thought they* would sacrifice sex for one year if it meant they never had to worry about being hacked

Fixed.

Because there's a gap between what you like to think your behaviour would be, and your actual subsequent behaviour.

wumpusNovember 21, 2016 9:25 AM

Aw come on, running Linux and having a clue about computer security isn't that bad for your sex life.

Clicky MegeeNovember 21, 2016 11:08 AM


If I didn't have to worry about being hacked, I'd load up Windoze XP and download *.exe files off the internet all day long, proceeding to double click on each and every one of them just to prove I'm invincible.

I'd then enable javascript and flash in my web browser and casually stroll around the most advertisement heavy websites without fear of popups assaulting me as they slowly grind my computer down to a crawl.

Finally, I'd buy a Chinese smartphone and laugh at the pre-installed malware, using it as my password safe to store my most secret of passwords all while connecting the network using 2G.

CallMeLateForSupperNovember 21, 2016 11:48 AM

Another way to look at the result of this poll: 61% of Americans value their computer security less than they value sex. Dashlane should not be happy about this.

Polls are a drag. Pollsters are a drag. I assiduously duck both. I would like to see the results of a poll designed to measure the extent to which people are fed up with polls.

@Bruce
Related to polling the election, I wonder why there is no single web site where by-county vote tallies for each state are posted.

ErikNovember 21, 2016 12:32 PM

As stupid as this poll is, in one way it's better than most: it describes an actual hypothetical trade-off. The overwhelming majority polls on issues just ask people what they would want and leave out the costs (the presumption being that it's all free, baby!), which distorts the results well beyond any meaning.

albertNovember 21, 2016 1:05 PM

Survey Methodology:

This survey was conducted online within the United States by Harris Poll on behalf of Dashlane from October 26-28, 2016 among 2,007 U.S. adults ages 18 and older. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact Ryan Merchant at ryan@dashlane.com or 212-634-0928.

First of all, never trust -anyone- who uses the term "methodology", especially "Marketing Managers".

So those 2007 people represent about 0.0008% of the US adult population.

I'd say that's representative, wouldn't you?

Doesn't matter what you call them: 'polls', 'studies', 'surveys', or 'research',

As a general rule, they are as useless as tits on a boar hog.

I think the needle is stuck on my BS detector. It seems to be pegged all the time.

. .. . .. --- ....

david in torontoNovember 21, 2016 1:22 PM

I'd actually like to take a poll on the extent to which I dislike polls and pollsters.

( Which is not nearly as much as calls for duct cleaners, calls to fix my apparently virus infected computer, and vile disingenuous politicians - the last is a non-partisan country of your choice equal opportunity indictment. The line from the hunt for red october about politicians being cheats and liars and "when I'm not kissing babies I'm stealing their lollipops." keeps coming to mind. )

DeanNovember 21, 2016 1:51 PM

@Albert

You don't understand p-values. 2000 people is more than enough (assuming they are spread proportionally across the country well) to sample the United States. You don't need a significant proportion of a population in order to poll a country; only a thousand people that are demographically similar.

LeeNovember 21, 2016 2:09 PM

Anyone that puts any credibility in online polls should be banned from using the internet for 1 year. The level of incompetence among users is reaching a point where my dog has makes better use of best Practices.

TedNovember 21, 2016 2:43 PM

Speaking of online identity and password management, NIST is preparing to release a new “Digital Authentication Guideline” draft for public comment mid-fall. Here are a few more details on the National Strategy for Trusted Identities in Cyberspace (NSTIC) blog.

Per earlier revisions, NIST’s identity authentication special publication 800-63 was split into a suite of documents:

  • SP 800-63-3: Digital Authentication Guideline
  • SP 800-63A: Enrollment and Identity Proofing
  • SP 800-63B: Authentication and Lifecycle Management
  • SP 800-63C: Federation and Assertions
  • "Table 4-3. AAL Summary of Requirements" of publication 800-63B provides an overview of standards for authenticator assurance levels 1 to 3. While a "Memorized Secret" is a permitted authentication type for AAL 1, AAL 3 requires a "Multi-Factor Crypto Device" or a "Single-Factor Crypto Device plus a Memorized Secret".

    And a few more articles.

    Clive RobinsonNovember 21, 2016 2:54 PM

    Hmmm...

    ... would sacrifice sex for one year if it meant they never had to worry about being hacked, having their identity stolen, or their accounts breached.

    One year -v- Never...

    I plan to never die, it could be the bargin of eternity ;-)

    More seriously it's not an "Apples -v- Apples" question, more a "trade a pea for a cantaloupe" question.

    Bong-Smoking Primitive Monkey-Brained SpookNovember 21, 2016 3:12 PM

    @Clive Robinson,

    One year -v- Never...

    Tell me another one, pal! It's more likely 20-30 seconds vs. never.

    albertNovember 21, 2016 4:04 PM

    @Dean,

    Assuming a 'representative sample' is a big assumption. 'Americans' or 'US adults' as a sample demographic? Seriously? The only way to gain -some- assurance is to increase the sample size within -carefully chosen- demographic groups. Even then, you're still bound by probability theory. I'm not interested in theoretical probabilities, because it's impossible to chose a truly representative group with a 0.0008% sample size.

    The problem with statistics isn't the math, it's the data.

    According to Ryan,
    "...This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated..."

    So it's BS.
    . .. . .. --- ....

    Bong-Smoking Primitive Monkey-Brained SpookNovember 21, 2016 4:05 PM

    It's crucial to get a view of the demographics...
    It's the likes of Al Bundy who participated in the survey, for sure!

    martyNovember 21, 2016 7:34 PM

    "Anything is more fun than polling the election."

    Polling must have beeen fun and rewarding until the election actually took place. sort of like living in a lalaland full of tv monitors?

    steveNovember 21, 2016 8:14 PM

    Maybe if you root your phone and update it yourself, then try and lock it down again. Although it has no code signing, it might be possibly somewhat better for a short period of time, depending on if you know what you are doing. Throw it really hard on the ground, is another solution, and drill out the memory chips.

    Not having sex though isn't going to help much.

    tim November 21, 2016 8:28 PM

    It could be an interesting survey on values, if statistics weren't so easy to cherry pick.
    If you educate people they might understand legislation, and if you don't educate people they won't understand legislation or read it, and they also won't understand the technology around them.

    Let's hope no one educates themselves and eats a proper diet.

    YvesNovember 22, 2016 1:25 AM

    IMHO, it's already what's happening. Some men dedicate their lives to perfect security, and have never touched a woman..

    Clive RobinsonNovember 22, 2016 1:36 AM

    @ tim,

    Let's hope no one educates themselves and eats a proper diet.

    Have you tried eating a "proper diet" not the silly guess work of some half baked government departmental droid, a proper scientificaly evaluated diet?

    Trust me when I say there is a reason why even those scientists don't eat it...

    TatütataNovember 22, 2016 7:27 AM

    I suspect their sample comprised a high proportion of geeks, who don't often get lucky anyway.

    Or perhaps the real purpose of the poll was disguised, in order to get the interviewee to honestly answer an altogether different question: how sexually active are you?

    My InfoNovember 22, 2016 8:36 AM

    In other news, Vladimir Putin's approval rating is over 80%.

    Ask a stupid question....

    Al ToppingNovember 22, 2016 5:06 PM

    Have not seen anything like this before... 11/22/06


    Cédric Barde
    November 18 at 7:45am ·

    Salut à tous, je veux montrer à mes élèves d'informatique le chemin que peut parcourir une photo sur Facebook. Pouvez-vous partager et indiquer votre ville en commentaire ? Merci pour eux ! / Hi friends! I want to show my computer class how far a picture can travel on Facebook. Can you share and comment with your city? Thanks a lot for them!

    probably several thousand comments....and adding by the second.
    Is the whole world connected?

    Ugh, cooties!November 22, 2016 5:07 PM

    http://www.alexa.com/siteinfo/schneier.com

    Audience Demographics -- How similar is this site's audience to the general internet population?

    Gender


    • Male

      • Relative to the general internet population, Males are greatly over-represented at this site.

      • Confidence: medium

      • 98% above internet average [sic]



    • Female

      • Relative to the general internet population, Females are greatly under-represented at this site.

      • Confidence: medium

      • 44% below internet average [sic]




    Ugh, cooties!November 22, 2016 5:15 PM

    Pretty sure that "44% below" should read "56% below".

    Critical transcription error.

    My apologies.

    CallMeLateForSupperNovember 23, 2016 9:49 AM

    @J

    Thanks for the three URLs, but no, none completely works here. All three refuse to accept some or all of my selections e.g. Show All Counties (default Some) or Show All States (default "Battleground" only).

    Probably due to NoScript and/or Privacy Badger.

    (I was surprised that NYT worked *at*all*, since it so pay-walled.)

    CallMeLateForSupperNovember 23, 2016 10:10 AM

    Reader "My Infor" offered: "In other news, Vladimir Putin's approval rating is over 80%."

    Of course, the astute reader should ask 1) on what date(s) was the poll taken; 2) what population(s) were polled; 3) what was the size of the population(s); 4) were any responses thrown out/withdrawn or otherwise nullified. Probably others that don't occur to me at the moment.

    At any rate, approval ratings of heads of state are notoriously volatile.

    Polls are a great example of "don't take it to the bank" information.

    ToModeratorNovember 28, 2016 7:58 AM

    "Al Topping" posted a chain-mail in a message. You can delete his post, as well as mine.

    Leave a comment

    Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

    Photo of Bruce Schneier by Per Ervland.

    Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.