Microsoft has released a new web page that teaches people how to be safe online and gives you a way to measure your online safety score, as determined by Microsoft. You can read all about it at that first link and take the test for yourself here: Take the survey.
The page has some basic information about things that users can do to make sure that they are more secure:
The score of the average user in 2011 was 34. I took the survey and I got a 64. You would think that being a security professional, it would be a lot higher since I should be setting an example for others. Well, at least I got better than a 34.
What are the good things that I do? I educate myself about the latest threats, run A/V and anti-phishing filters, use https where I can (especially when buying anything), and use firewalls.
What didn’t I score well on?
Well, according to the survey:
So those are my scores. Not a bad score and there’s room for improvement. I guess I’m not perfect.
But then again, neither are you.
Which is why 'strong passwords' are a bad practice. Instead, non-obvious passphrases should be supported.
Much to my dismay at this month's Silicon Valley Code Camp, in a TDD setting, it was proposed that a strong password have a limit of 16 characters, mixed case, and symbols and alphanumerics. People expect my mother to get this? A five or six word passphrase is better than what most Moms use and, in the hands of anyone who understands them, better than any 8-12 mixed combo of characters.
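To put numbers on the passphrase-versus-complexity argument in the comment above, here is an added worked example (my own code, not from the original post or from Microsoft's survey). It computes the entropy of a Diceware-style passphrase and of a random mixed-character password, assuming uniformly random selection in both cases, and runs a hypothetical policy checker modelled on the 16-character mixed-case rule the commenter describes. The wordlist is a constructed toy sample; the entropy figures use the standard 7776-word Diceware list size and the 94 printable ASCII characters.

```python
import math
import secrets

# Constructed toy wordlist for demonstration only. A real Diceware list has
# 7776 words; the entropy calculation uses that size, not this sample's.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "mountain",
                "pencil", "orbit", "lantern", "velvet", "cobalt", "meadow"]
DICEWARE_LIST_SIZE = 6 ** 5        # 7776 words in a standard Diceware list
PRINTABLE_ASCII = 94               # upper + lower + digits + punctuation


def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` independent uniform picks from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def passphrase_entropy(n_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of n_words chosen uniformly at random from a Diceware list."""
    return entropy_bits(list_size, n_words)


def password_entropy(n_chars, alphabet=PRINTABLE_ASCII):
    """Entropy of n_chars chosen uniformly at random from printable ASCII."""
    return entropy_bits(alphabet, n_chars)


def generate_passphrase(n_words, wordlist=SAMPLE_WORDS):
    """Pick n_words with the OS CSPRNG (secrets), never with random.choice."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def meets_complexity_policy(pw, max_len=16):
    """Hypothetical policy as described in the comment: at most max_len
    characters, with upper case, lower case, a digit and a symbol.
    The length cap is what rejects passphrases."""
    if len(pw) > max_len:
        return False
    has_upper = any(c.isupper() for c in pw)
    has_lower = any(c.islower() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() and not c.isspace() for c in pw)
    return has_upper and has_lower and has_digit and has_symbol


def compare(n_words=5, n_chars=12):
    """Entropy of an n-word passphrase beside an n-char random password."""
    return {
        "passphrase_bits": round(passphrase_entropy(n_words), 1),
        "password_bits": round(password_entropy(n_chars), 1),
    }


if __name__ == "__main__":
    print(compare(5, 8))    # 5 words vs 8 random characters
    print(compare(6, 12))   # 6 words vs 12 random characters
    phrase = generate_passphrase(5)
    print(phrase, "accepted by 16-char policy:",
          meets_complexity_policy(phrase))
```

Two things the numbers show. A five-word passphrase (about 64.6 bits) comfortably beats a fully random 8-character password (about 52.4 bits), and six words (about 77.5 bits) sit level with a fully random 12-character one (about 78.7 bits); since human-chosen passwords are nowhere near uniformly random, the passphrase wins in practice. The other point is the policy check: a 16-character cap rejects every multi-word passphrase regardless of its strength, so a policy that wants passphrases must drop the cap rather than bolt complexity rules onto it.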
I strongly agree with Trae about the passphrases suggestion.
I would also add that making a distinction between sensitive sites (shopping sites, ...), social sites, ... can help you choose between a common password or a distinct password (sorry, I meant passphrase!) for each site/category.
That survey isn't really helpful the way it's run right now.
Got 62, which while being a lot more than the reported average, feels low on a 0-100 scale. And the reasons are ones that I feel are pretty spurious (as far as explaining why my "Online Safety" would be so low goes).
I don't have any anti-virus, etc., on my phone, which was a question. Why? Well, because I use a phone that doesn't have internet access. I can't install any anti-virus or anti-malware on it even if I wanted to, but then again I can't get any viruses or malware on it even if I really wanted to. So I'm perfectly safe there, but if I answer the question honestly as asked....
And I do often use my real name when posting comments or creating accounts. But just my first name, which is not really helpful. Run a search for the real name I posted this comment under, and I don't come up for at least the first 100 results on search engines (OK, I only just tested with google, yahoo, duckduckgo, and bing, maybe I'm a big hit on something else, but I seriously doubt it). It's just not that unique, and I'm just not that active online. But they don't ask how unique it is, or how active online I am, just if I use a real name or not.
And the same lack of activity online means that I don't actively ask websites to remove comments about me, etc. Because first, there really aren't that many, and second, because so far there hasn't been any reason for a problematic/revealing one to appear, so I had absolutely no reason to ask someone to remove anything. But they don't ask why in the survey, or if there was even potentially a reason, just if I do it regularly or not.
So I think that using a modern browser, a good AV, keeping up with updates, using secure and different passwords, and controlling what and where I actually write online should, as a ballpark, put my online safety much higher than this score. So the score is meaningless, and so not helpful. Not for anyone taking the survey to get a feeling of their safety if they don't already understand all the points, and not for whoever is running the survey to estimate overall trends (since a lot of the data is too ambiguous).