Most Americans can't recognize 2FA, HTTPS, or private browsing
Two-factor authentication (2FA), HTTPS, or private browsing, are concepts that are too complex for most Americans, new research published today reveals.
Answers from a survey of 4,272 US adults conducted in June by the Pew Research Center found that most Americans aren't as tech-savvy as you'd normally expect from the country that houses most of today's web tech innovation.
Only 2% of all the survey takers managed to answer all ten questions correctly in a very basic tech quiz.
Users were asked about phishing, 2FA, HTTPS, browser cookies, privacy policies, net neutrality, private browsing, if they knew who owns Instagram or WhatsApp, and if they could identify Jack Dorsey as the Twitter CEO by looking at a photo.
Most Americans can't recognize an example of 2FA
The question on which most users failed was on recognizing an example of two-factor authentication from a set of images, with 55% of respondents not being able to pick the correct answer, and only 28% getting it right.
Furthermore, only three-in-ten adults (~30%) correctly
answered that a URL starting with "https://" means that the information entered on that site is encrypted.
The same goes for private browsing, where only 24% knew how it really worked.
Moreover, Americans' knowledge of the business side of social media companies is relatively low as well, with only 15% of respondents being able to identify the Twitter CEO in a photo, and only 29% of respondents knowing that Facebook owns Instagram and WhatsApp.
But the most ironic is the fact that only 45% of Americans were able to correctly describe the concept of net neutrality, despite being one of the main and most disputed talking points in US politics and law-making for the past decade.
The Pew Research study found that young adults tended to know more than older Americans, but this varied by question.
However, the most concerning factor coming from the study's findings is the general lack of awareness towards basic security features, such as 2FA and HTTPS.
There's been a sustained effort in recent years to push website owners and general users alike towards using and trusting HTTPS. Yet, the study found that most users don't even know what it is.
Similarly, for 2FA, where companies have been pushing users towards using it for years; yet, users can even barely recognize what a 2FA login process looks like.
In recent months, Google and Microsoft have both said that enabling even the simplest 2FA solution -- such as SMS-based one-time passcodes -- can protect users against 99.9% of attacks.
The Pew Research survey shows that these messages have not yet reached most users, and the process of promoting, explaining, and then re-explaining 2FA for end-users must remain a priority for most tech companies and cyber-security practitioners.