Forget Me Not: Should People Use A Password Manager?
Mon, April 19, 2021

Forget Me Not: Should People Use A Password Manager?

 

Technology is advancing but will passwords become obsolete? Frankly, passwords will not be going away anytime soon, said Zack Whittaker of startup and technology news website Tech Crunch. It is indeed a struggle to remember your passwords, forcing you to change them again if you forget them.

Some passwords can be easily guessed, making personal accounts more vulnerable to hacking. Using fingerprints and facial recognition technology may serve as a replacement for passwords, but neither of these is perfect. That would emphasize the need for you to use passwords (or other security measures) to keep your accounts safe.

Report Finds the Online Behavior That Makes People Susceptible to Security Threats

LastPass, a password manager and vault, surveyed the online security behaviors of 3,250 global respondents in their Psychology of Passwords report. 53% of respondents said they have not changed their password in the last 12 months even after news about a breach. Moreover, 42% said that having a password that is easy to remember is more important than a secure one. The report revealed that people believe they know about the risks of poor password security, but they are not applying their knowledge in practical settings. 91% said they know that using the same or a variation of the same password is a risk. However, 66% always or mostly use the same password or a variation, up from 2018’s 8%.

80% agreed that having their password compromised is something to be concerned about, but 48% said if it is not required, they would never change their password, up from 2018’s 40%. 77% said they are informed of password protection best practices but 54% kept track of passwords by memorizing them. While respondents thought they are well-informed about password security, a part of the discrepancy is due to them underestimating their risk. In fact, many individuals are underestimating how much of their lives are online. When asked how many accounts they have, 71% of respondents said 1-20.

In anonymized LastPass user data, the average LastPass personal user owned approximately 38 online accounts, which was almost twice what the respondents thought they had. 42% of individuals thought their accounts are not valuable enough to be worthy of a hacker’s time. When asked how frequently they use the same password or a variation, 66% answered always or mostly, up from 8% in 2018.

When asked why they reuse passwords, 60% admitted that they were afraid of forgetting their log in details while 52% stated that they want to be in control and know all of their passwords. This is understandable considering that a user may feel safe using the same password for all their accounts. However, it is misguided since reusing passwords makes the person more vulnerable to security threats than creating a different password for each password.

The report revealed that trying to remember all your passwords is not effective as 25% of respondents reset their passwords once a month or more because they forgot them. Since users have to remember their passwords, the passwords they create are predictable and not strong enough, with 22% of respondents admitting that they could guess their significant other’s password. There are also other steps to safeguard online accounts and one of them is multi-factor authentication (MFA). 54% of respondents said they use MFA for their personal accounts, 37% use it at work, and 19% said they did not know about it.

65% said they trust fingerprint or facial recognition more than text passwords. When asked what accounts the respondents would create stronger passwords for, 69% said financial, 47% answered email, 31% stated medical records, and 29% said work-related accounts. When asked which accounts they have MFA enabled for, the respondents said financial (62%), email (45%), medical records (34%), and work-related accounts (22%).

 

 

What’s A Password Manager?

A password manager contains all your passwords to your account protected by a master password that only you yourself know. It’s understandable to be afraid of someone who might get your master password. But if you have created a strong and unique master password, it is a near-perfect way to safeguard your passwords from malicious actors. Password managers also help you generate and save unique passwords when you make an account on new sites. When you sign up on a website or app, you can open your password manager, copy your password, and paste it in the login bar. Password managers are bundled with browser extensions that automatically fill in the password for you.

However, Alan Henry of monthly American magazine Wired argued that it is better to use a stand-alone password manager. It may be tempting to use your browser’s password manager, but it is already doing a lot of tasks, and storing and managing your passwords may be one of them. In-browser password management has improved but they are still behind in terms of the tools that password managers offer to ensure that your accounts are secure. Moreover, password managers remind you when reusing passwords, offer you various levels of password complexity, and the option to sync in multiple devices and browsers.

 

 

But Password Managers Are Not Perfect

Lorrie Cranor, director of the CyLab Security and Privacy Institute at Carnegie Mellon University, explained, "Most people are not actually following all the rules for good passwords, because it is really hard to do that without a password manager."

But password managers are not perfect considering that they can be targeted by hackers. The best password managers—despite the presence of bugs and vulnerabilities—keep your passwords safe and encrypted. Cranor commented, “The major password manager companies have a good track record of fixing problems quickly and before their users actually suffer any negative consequences." She added that if you are reusing your passwords or using weak passwords, it is much better to use a password manager despite it not being able to guarantee security.

Should I Write My Passwords Down Instead?

It’s not advisable to write your passwords down and hide them under your keyboard or post it on your device’s screen, stated Norton, an anti-virus or anti-malware software product. Unless you have a good memory, the best way to store and remember your passwords is to use a password manager to help you fill in your log-in details on websites.

Password managers may not guarantee 100% safety, but they help reduce the likelihood of people’s accounts from being compromised so long as you create a strong, unique master password. 

Is one’s memory the best password manager? Maybe. But for others, password managers are a surefire way of protecting their login credentials. For those who use password managers, they should be abreast of news about cybersecurity and acknowledge that password managers are still vulnerable to attacks.