The FIDO Alliance has released a new report that captures the scope of the social media security problem. The report found that nearly half (45 percent) of all respondents know an immediate friend or family member who has had a social media account hacked, or have been the victim of such a hack themselves.
The problem is that this awareness (or experience) does not necessarily translate to action when it comes to account security. A significant portion (40 percent) of the population does not take any action to strengthen their social media security posture, even when they feel they should do something after witnessing high-profile attacks against public figures like Jack Dorsey and Elon Musk. Meanwhile, a full half of those who do take action stop after creating a stronger password, which still leaves them vulnerable to phishing attacks and the other shortcomings of password-based security.
Those results speak to the public’s unfamiliarity with stronger security methodologies. 15 percent of the respondents did not know what steps to take to improve their security level, while 26 percent either did not use or were not aware of their options for two-factor authentication. FIDO noted that all major social media platforms now support SMS one-time passcodes, but advocated for physical FIDO security keys that cannot be intercepted.
The findings are based on the survey responses of 4,000 people in North America, France, Germany, and the UK. Sixty percent of those polled were more worried about their phones than they were about protecting their other devices.
“Social media accounts are prime targets, as they hold so much of a user’s personally identifiable information,” said FIDO Alliance Executive Director Andrew Shikiar. “Yet, our research shows a disconnect between the need for stronger security for social media accounts and consumer awareness of how to take action. Social media platforms like Twitter and Facebook have made much stronger security options available. Consumers just need to know what they are, how easy they are to use and how to turn them on.”
The FIDO Alliance recently partnered with the IoT Security Foundation to promote passwordless authentication protocols. The European Union Cybersecurity Association has also argued that organizations that need to comply with the new eIDAS regulations should consider the use of FIDO2 security solutions.