A Year Later, Americans Have Forgotten About Heartbleed

Well … crap.

Screencap from Dashlane

Do you remember Heartbleed? Yeah? The security bug discovered a year ago in one of the standard cryptographic libraries used across the Web? Are you sure you’re not just nodding along? I ask only because a new survey says that 86 percent of Americans either never heard about Heartbleed or have forgotten about it in the year since its discovery. So if you don’t actually know what it is, you have plenty of company.

But that doesn’t mean it’s OK. No matter how many high-profile hacks and vulnerabilities come to light, awareness and action still seem to lag. The poll, conducted by password manager and digital wallet maker Dashlane, surveyed 2,000 adult Americans about their knowledge of Heartbleed and their attitudes toward cybersecurity. Thirty-two percent said they are responsible for protecting themselves online, but 23 percent said tech companies should be responsible, and 24 percent didn’t know who the onus should be on. Along with the survey, the company released a video of Heartbleed commentary from cybersecurity experts, including representatives from Center for Democracy and Technology and Georgetown University Cyber Project.

“It’s clear that a year later the impact of Heartbleed is much less than we would have expected,” said Dashlane CEO Emmanuel Schalit in a video about the survey’s findings (below). “Even if the public wanted to care, it’s very difficult to understand what’s going on.” There’s an optimistic perspective.

You can see how Dashlane would have an interest in pointing out how scary the cybersecurity climate is, since the company sells products meant to address the issue. But given the number of people who still rely on good ol’ Password123 for their accounts, the findings also seem plausible.

Fifty percent of the survey respondents reported changing at least one password in the wake of the Heartbleed revelation, but when asked which information they were most concerned about protecting only 1 percent said personal email. Social security number, banking information, and credit card numbers were all much higher on the list, even though most people’s personal email could give hackers valuable clues for ascertaining all of those other pieces of information.

“Now, a year on, I’d love to be able to say that we’ve learned many lessons from Heartbleed and that the web is now a more secure place,” wrote Yuval Ben-Itzhak, the chief technology officer of security company AVG, in a blog post. “Sadly, it’s not as simple as that.”

There’s still no answer to the question of how to get Americans fired up about cybersecurity.