Google security researchers say “non-expert” Web users overlook software updates, the “seatbelts of online security,” as a best practice, and hold other misconceptions about safe Web habits.

Google researchers have published the results of two surveys, one with 231 security experts and another with 294 Web users, asking respondents what practices they followed to keep their data and privacy safe online. The Top 5 responses, shown in the infographic above, agree on the one painfully obvious practice: using strong passwords. But the rest of the lists show just how much average users have to learn about how to stay safe on the Web.


Security experts identified using unique passwords and password managers as the best way to maintain passwords, while users responded that they rely mostly on changing passwords frequently. Only 24% of Web users reported using password managers, compared to 73% of experts.

“Our findings suggested this was due to lack of education about the benefits of password managers and/or a perceived lack of trust in these programs,” the researchers explained.

One Web user told the researchers, “I try to remember my passwords because no one can hack my mind.”

Where security experts and users truly differed, though, was in their perceptions of software updates and antivirus software. Thirty-five percent of experts and only 2% of non-experts said that installing software updates was one of their top security practices. Antivirus software, which experts said has benefits but grants users a false sense of security, is used by 42% of users surveyed compared to only 7% of experts.

“Experts recognize the benefits of updates—‘Patch, patch, patch,’ said one expert—while non-experts not only aren’t clear on them, but are concerned about the potential risks of software updates. A non-expert told us: ‘I don’t know if updating software is always safe. What [if] you download malicious software?’ and ‘Automatic software updates are not safe in my opinion, since it can be abused to update malicious content,’ ” the researchers wrote.

The researchers concluded that their research highlighted “fundamental misunderstandings about basic online security practices,” and that by spurning software updates, users are driving into Web traffic without seatbelts. Google is presenting its research this week at the Symposium on Usable Privacy and Security in Ottawa.