Most American politicians haven’t seriously upgraded their cybersecurity since the 2016 hacks of the Democratic National Committee and Hillary Clinton’s campaign, according to a new poll from Harris and Google. The first votes of the 2020 presidential primary season will be cast next month.

Why no change? Passwords suck. Weak passwords are everywhere, complex passwords are frustrating, and whether they are good or bad, passwords are easily stolen.

State of the art: Experts agree that the best way to protect an online account is with a security key that can validate whether you are logging into your real account and not being tricked by hackers. And in an effort to make it as easy as possible to do that, Google announced today that people can use both iPhones and Android phones as security keys with their Smart Lock app. 

Since issuing these security keys to employees in 2017, Google hasn’t lost a single account to phishing, said Shuvo Chatterjee, the product manager for Google’s Advanced Protection Program. That’s a big win. An extraordinary 2019 study by Google showed that security keys prevented 100% of attempted account takeovers—and that includes targeted attacks by sophisticated hackers. 

Keyed in: The Harris poll asked 500 high-risk users—including politicians, journalists, activists, and influencers—about their security practices. While 60% of politicians hadn’t upgraded their systems since the last presidential election, one big surprise was that 50% of high-risk users said they used security keys. Counting all forms of extra authentication, 66% of the survey’s high-risk individuals use additional security beyond passwords—but that lags behind the general population, which is at 69%.