More than half of consumers have been victimized by malware or a computer virus and more than a third have been targeted by phishing emails.
Those were two of the findings in a survey released Thursday by Impermium, a maker of cloud security software.
Some 56% of more than 2,000 adult consumers told Impermium that they'd been a victim of a malware or virus attacks on a computer, while 37% said they'd been targeted in a phishing attack and 20% revealed they'd been in the cross-hairs of social media phishers.
More than a quarter of the consumers (26%) said they'd had an online account compromised -- hacked, breached or passwords stolen.
Although many consumers have personally felt the pain of online threats, they remain reluctant to embrace two-factor authentication (2FA) to help secure their accounts, the researchers discovered. As commonly implemented by online service providers, 2FA requires the use of a code -- sent via SMS message or automated voice call -- in addition to a user name and password to access an account in certain circumstances.
Three quarters of the those surveyed by Impermium said they'd never used 2FA. In addition, more than a quarter (27%) said they'd shied away from a website offering 2FA because they didn't want to disclose their mobile number or the process was inconvenient.
"Two-factor authentication has been held up as this magic panacea over the last few months and yet, it doesn't solve the problem, in part, because the adoption rates are so abysmally low," Impermium CEO and former Yahoo spam czar Mark Risher said in an interview.
The convenience factor is a big barrier to adoption, Richer added. "It's a real hassle. It's a real usability pain."
2FA's appeal might be improved by offering methods for delivering codes other than SMS messages, but that can have additional security consequences. "More choices would increase adoption," Richer said, "but choices, too, can be a hassle for innocent users and can be circumvented by the bad guys."
What's more, he added, "The more choices, the more options the bad guys have."
Both human nature and commercial concerns are currently working against broad adoption of 2FA. "[H]umans seem to have a tendency to do minimal work," AlienVault lab manager Jaime Blasco said in an email. "That means if they have to perform two different tasks to login to a site, they probably won't."
Meanwhile, online vendors are concerned that boosting authentication requirements will lead to abandoned shopping carts and lost purchases. "Vendors want a seamless purchasing experience," Eset senior researcher Cameron Camp explained in an interview.
"If a one-click experience becomes one-click plus something else plus something else, it can affect impulse purchases," Camp observed. For example, you might go to Amazon to buy a book and leave with a book, a CD and gym shoes. That might not be the case if additional authentication were required for each purchase.
Sign up for Computerworld eNewsletters.