“We still stink at passwords, and there’s really no excuse.”
That’s the (blunt) title of a Fast Company story about a new study on password practices. Before reading more below, what’s your first reaction? Do you bristle at the contention that “we all stink at passwords” – or instantly nod in agreement?
Two tips: Make passwords complex and avoid using the same one in different platforms. While it’s handy to type in a tried-and-true password you’ll remember, convenience may come at a cost:
“Password reuse is the biggest password security error being committed by our survey respondents,” the report (commissioned by password-manager app purveyor LastPass) leads off. “When asked how frequently they use the same password or a variation, 66% answered always or mostly – which is up 8% from our 2018 survey findings.”
The only consolation there is that some of these people must feel guilty about it, since 91% reported knowing that using identical or similar passwords can lead to an attacker taking over multiple accounts with one stolen password. … A separate category of password sharing—between different people—may also be up, thanks to the coronavirus pandemic. A survey released in April by the competing password-manager service Dashlane found that 32% of Americans had seen family members or coworkers sharing passwords for things such as streaming services or online shopping more often since the pandemic’s onset.
The LastPass-commissioned survey, conducted by the research firm Lab42 in March, gathered responses from 3,250 people aged 18 to 60 (about 1,000 in the U.S., with the balance in Australia, Brazil, Germany, Singapore, and the United Kingdom) who had multiple online accounts. … The LastPass report did not assess how many people used password-manager services, but earlier studies have found low adoption rates even though multiple free options exist. (A) 2017 Pew study reported that only 12% of Americans ever used password managers, with just 3% saying they rely on them.
Many people shy away from trusting their passwords to an app, even though LastPass, 1Password, and Dashlane all encrypt stored passwords from end to end, keeping them inaccessible even to those firms.
That does, however, mean that the password to your password manager had itself better be complex. All three apps let you bypass that with biometric authentication on your phone or computer – but facial-recognition systems such as Apple’s Face ID can’t deal with face masks, while the lack of Touch ID or Face ID security on Apple’s desktops excludes them from this convenience.
Symone Skrzycki is the senior communications manager for the Indiana Chamber. She is also a senior writer for the Chamber’s award-winning BizVoice magazine and has been with the organization for 19 years.