Last spring, after months of teeth pulling, Hillary Clinton finally revealed why she chose to use her own email account for sensitive government communications. Her explanation: “I opted for convenience”. Let’s hope she didn’t also opt for convenience when she chose her passwords.
Sadly, that is what most of us do, despite frequent warnings from hacker headlines, the websites we use and our own inner voices. We use terrible passwords like “azerty” (sorry I’m terribly French with my keyboard) and “12345”, putting our online accounts at risk for easy hacking.
Now there are tools for helping us create and remember complicated passwords to elevate the personal security of our online lives. They are called password managers and they’re reliable, effective, and easy to use. And free!
But people have been slow to adopt them, which is a great mystery to those who love them. Why do we continue to use terrible passwords, shun helpful password managers, and risk everything?
First a look at the state of things.
Your Passwords are Terrible
The average person has 24 online accounts and that is a lot of passwords to remember. That is why, even though we know better, we use the world’s worst passwords. There is actually an outfit that tracks such things. Since 2011, SplashData has issued its comically-named annual “Worst Passwords” list. It sounds like a joke, but the actual matter is pretty pathetic and serious.
The latest data from SplashData is for 2014, and it reveals that once again, “123456” is at the top of the list. Number two? “password”. Others include
Have we not learned anything in 10 plus solid years of mass internet use?
As recently as October this year, the TalkTalk website was hit by a ‘significant’ breach in a cyber-attack.
Even though we are constantly reminded of the 3 things we should do to protect our private online security, few of us actually do them:
- use complicated passwords
- don’t use the same password for every account (don’t even reuse them)
- change your passwords often
Third-party password manager companies will help you do all three of those things, and more.
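The three rules above can be checked mechanically. The following is an added example, not code from any password manager: it audits a constructed list of vault entries for weak, reused and stale passwords and generates a replacement from the operating system's random source. The 12-character minimum, the 365-day age limit and all entry data are assumptions made for the illustration.

```javascript
// Added example: audit constructed vault entries against the three rules.
const crypto = require('node:crypto');

// The terrible passwords named on this page.
const WORST = new Set(['123456', 'password', '12345', 'azerty']);
// Look-alike characters (0/O, 1/l/I) are left out of the alphabet.
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#$%&*+-=?@';

// crypto.randomInt draws from the OS CSPRNG and is uniform over the range,
// unlike Math.random() or "random byte % alphabet length".
function generatePassword(length = 20) {
  let out = '';
  for (let i = 0; i < length; i++) out += ALPHABET[crypto.randomInt(ALPHABET.length)];
  return out;
}

// Returns one finding per entry: 'weak', 'reused' and/or 'stale'.
// minLength and maxAgeDays are assumed thresholds, not values from the page.
function auditVault(entries, now, minLength = 12, maxAgeDays = 365) {
  const uses = new Map();
  for (const e of entries) uses.set(e.password, (uses.get(e.password) || 0) + 1);
  return entries.map((e) => {
    const issues = [];
    if (WORST.has(e.password.toLowerCase()) || e.password.length < minLength) issues.push('weak');
    if (uses.get(e.password) > 1) issues.push('reused');
    if ((now - Date.parse(e.changed)) / 86400000 > maxAgeDays) issues.push('stale');
    return { site: e.site, issues };
  });
}

// Constructed sample vault; sites, passwords and dates are made up.
const sampleVault = [
  { site: 'mail.example', password: '123456', changed: '2015-01-10' },
  { site: 'shop.example', password: 'Tr0ub4dor&3-horse', changed: '2013-06-01' },
  { site: 'forum.example', password: 'Tr0ub4dor&3-horse', changed: '2015-09-01' },
  { site: 'bank.example', password: 'q7#Vm2p!Zr9=Xc4@Ld8K', changed: '2015-08-15' },
];

for (const r of auditVault(sampleVault, Date.parse('2015-11-01'))) {
  const fix = r.issues.length ? ` -> replace with ${generatePassword()}` : '';
  console.log(`${r.site}: ${r.issues.join(', ') || 'ok'}${fix}`);
}
```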
Password Managers: the Solution People Fear
Password managers are not perfect, but they are better than nothing. Like a house that’s secured by a locked door AND a security system, it is much tighter but there is still a hint of vulnerability. Fortunately, that doesn’t stop millions of homeowners from purchasing and relying on security systems.
People have all kinds of excuses for not using password managers:
- my browser takes care of that
- somebody will hack the company that stores my passwords
- my passwords don’t matter that much
- too much work/not convenient
Let’s break these down, one by one:
My browser takes care of that. Your browser’s password manager is not secure. It stores your passwords on your hard drive, unencrypted. Oops!
Somebody will hack the company that stores my passwords. Sometimes hacking does occur, but encryption goes a long way towards preventing hackers from getting anything useful. Yes, hacking does happen, which is why password managers aren’t perfect. But they’re better than doing nothing: worlds better.
My passwords don’t matter that much. You are fooling yourself if you think your passwords don’t matter because the sites you visit do not have your private info. Eventually you will have an account at a website that does matter.
Too much work/not convenient. The “it’s not convenient” excuse must be reversed. Hillary Clinton chose convenience over security and look how that turned out. Yes, password managers are not fun: they take a while to set up and when you are on a new computer you have to use an app to get your passwords. But security isn’t meant to be fun: it is about being proactive and protecting yourself. We are talking about your very own personal information here, and if that gets stolen, you will be in for a whole lot more “inconvenience” than what you suffer from using a password manager.
Encryption, encryption, encryption: what most people don’t know
Since most people do not understand what encryption is, they fail to understand the true beauty of password managers. There are free password managers which encrypt everything you put into your account. When you sync your login details to your computer and your phone or tablet, they are encrypted during transfer, too. Even people who work at the password manager company cannot see your passwords, because they are encrypted even while just sitting there waiting for you to access them.
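Why the company's own staff cannot read a stored vault is easiest to see in code. This added example is not taken from any particular password manager; it assumes a design in which the vault is encrypted on your device with a key derived from your master password, so the provider only ever holds ciphertext. The choice of scrypt and AES-256-GCM, the function names and the sample entry are assumptions.

```javascript
// Added example, not code from any particular password manager.
const crypto = require('node:crypto');

// Assumed KDF: scrypt. Deliberately slow, so guessing master passwords is costly.
// The salt is random per vault and not secret; it is stored beside the ciphertext.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, {
    N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024,
  });
}

// Runs on the user's device. Only the returned blob is synced to the provider.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Also runs on the device. Throws if the master password is wrong or the
// blob was modified, because the GCM authentication tag no longer verifies.
function openVault(masterPassword, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(masterPassword, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  const plain = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample data.
const sampleEntries = [{ site: 'mail.example', user: 'alice', password: 'constructed-Secret-1' }];
const stored = sealVault('constructed master passphrase', sampleEntries);

// What the provider holds: salt, nonce, tag and ciphertext, but no key.
console.log('plaintext visible in stored blob:', stored.ciphertext.includes('constructed-Secret-1'));
console.log('opened on device:', openVault('constructed master passphrase', stored)[0].site);
```

In this design the master password is the single point of failure: if it is weak, the slow key derivation only delays an offline guessing attack on a stolen blob.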
Multi-factor authentication: because even the craziest passwords are not enough
Lately, password managers have added two-factor or multi-factor authentication, requiring you to have one or all of the following:
- Something you know (password, security questions)
- Something you have (phone)
- Something you are (fingerprint, facial or voice recognition, iris scan)
Of course this isn’t foolproof either, but it’s extremely helpful in keeping your passwords safer.
The final word: you don’t need to be perfect but you do need to do something
It should be clear by now that you are asking for it if you use terrible passwords. Just how you manage a more complicated set of passwords, though, is up to you.
Password managers seem to be the best bet for most of us, barring those who have extreme paranoia problems. Fortunately, password managers are getting better with time: they now support multifactor authentication, making data even more secure.
Above all, keep in mind that hackers go for the low-hanging fruit. There is so much of it! Therefore, simply by upgrading your password status via a non-browser password manager, you are ahead of the pack as far as personal online security goes.