Passwords are part of our everyday lives but let’s face it; we would all like to see them go the way of the Dodo bird. A major proportion of data breaches are the result of stolen, re-used or week passwords. Okta, Inc. a publicly traded identity and access management company based in San Francisco, recently conducted research which found that 78% of respondents remember their passwords using an insecure method. Among 18-34 year old respondents, that number rises to 86%. Methods used included:
- 34% use the same passwords for multiple accounts
- 26% write them down on paper
- 17% type them on their phone or computer
- 6% use well-known passwords
It wasn’t so difficult in earlier days when passwords could be rather simple, and we might use the same one for multiple purposes. Later we were told our passwords needed to be more complex, mixing letters, numbers and symbols. We weren’t to use the same password twice and we were supposed to start changing our passwords every 3 to 6 months.
One spot of good news is that Microsoft recently declared regular password changing is obsolete. At least this takes some pressure off. Using long, complicated passwords is still a good option, but another is using a phrase such as “I like waterskiing at the cottage.” Phrases are at least easier to remember but still difficult for computer hackers to figure out.
The problem remains, however, that we all access many applications, on-line banking and on-line shopping sites, requiring that we maintain a multitude of passwords. Okta’s report indicates the average worker has to remember 10 passwords in a regular day. This inconvenience leads users back to trying to simplify their lives, returning to the bad habits that were revealed in the Okta study. It’s a continual tug of war between security and convenience.
The prediction is that password-less authentication such as biometrics will come, but not in the near future. Of course, many devices currently have Touch ID and Face ID capabilities, however, these are still set up initially using a password. That password would be required if your device was lost or stolen.
A solution we suggest for the password dilemma is to use a reputable on-line password manager. Watch for a future blog to learn more about how a password manager works, and one we recommend.