What the public knows about Cyber security. Quiz

I missed #10, because I don’t know what a VPN is (I know it STANDS FOR Virtual Private Network, but that’s not the same as knowing what it is). I should have chosen “Not Sure.” That would have been a correct answer, because it’s true.

10 out of 10 but I used to be in charge of network security many years ago.

9 out of 10, missed the VPN question. I don’t consider myself anything near a computer expert. On the other hand, a lot of people are both clueless and careless.

I thought this quiz was awful and promulgated a bunch of bad and outdated security info while getting a lot of things subtly wrong.

Question 4: Two Step Authentication is not a standard term used in security. Two factor authentication is the commonly used term. Depending on how exactly you define 2 factor authentication, the 1st, 3rd and 4th image might all count. Strict 2FA requires you to receive your code on a completely separate device, making all of them invalid. 2FA according to some auditing documents permits 1, 3 & 4 which is why you see bank logins use the latter.

Question 5: All 4 passwords are equally insecure. 6 letter passwords have been within the realm of exhaustive brute force for a long time now. It doesn’t matter how complex you make a 6 letter password, it’s the difference between being cracked in 0.001 seconds and 0.05 seconds. Length is a better protection than special characters.

Question 7: Technically, the answer should be not sure since only browsing via HTTP and not HTTPS can be seen by internet providers. This could be better worded.

Question 9: This is unambiguously wrong. Even if someone is able to snoop on the wifi connection, as long as you’re visiting HTTPS enabled websites like online banking, they would need to break HTTPS to compromise you. It’s perfectly safe to perform online banking on a shared wifi connection.

Question 10: Both “Use of insecure Wi-Fi networks” and “De-anonymization by network operators” are mitigated by using a VPN. VPNs will hide your traffic endpoints from your ISP and the big push towards getting VPNs after the internet privacy bill passed was because of this.

I scored a 9, which is frightening, because I’m not that good with computers. (As in I think the test was too easy.)

This was truly a bad question. As you and rat avatar point out, greater password length is generally better for security than poorer human intelligibility.

I had much the same reaction to the phishing question, well except that I’m not involved professionally in IT security in any way, and wouldn’t even rank myself as a novice-beginning-amateur really. I didn’t know that “phishing” now means more than just trying to get login credentials via email scams.

I blame the mainstream media for this;):smiley:

I suspect this was a poorly composed quiz done up by someone with about the same level, or less, understanding of IT security as I have.

9/10
I don’t agree that phishing can involve a website, to my mind it is only an email, but I can handle being wrong on that one.

9/10 - my definition of phishing was not the same as theirs.

That was my take as well. The other one I missed was the VPN one so many others got wrong as well, so 8/10.

I also got no. 10 wrong - I answered “De-anonymization by network operators”. Could someone please explain why this is wrong - this was the primary reason I signed up for a VPN.

There are TLS protocol downgrade attacks in the wild. How sure are you that your browser and bank aren’t affected?

“Don’t use an untrusted wifi network for sensitive activities” is generally good advice, even if HTTPS is pretty good protection.

Because the people operating the VPN know who you are. Just the sites that you visit don’t know your originating IP address, and people can’t see your encrypted traffic. But that doesn’t make you “anonymous”.

Glad to see Pew is taking on the issue of cybersecurity, but of course anyone active in a forum like this is going to be more sophisticated than the average.

According to this link from Incapsula, a botnet is “a group of hijacked Internet-connected devices, each injected with malware used to control it from a remote location without the knowledge of the device’s rightful owner. From the point of view of hackers, these botnet devices are computing resources that can be used for any type of malicious purposes.”

So botnets are used for any malicious purpose, not just stealing information. And I guess there is also a question on what a “network” is but maybe I’m being pedantic here (CCTV cameras around the world that aren’t networked together can still be used as part of a botnet).

had to be for me to get the same score! :smack: :smiley:

But the question was which one of them was the safest :dubious:

Well, I feel better that some folks agree with my intuition.

I thought this was a weird question too. The password doesn’t create security, but it doesn’t make it less secure either.