Skip to main content

Why you do not need 27 different passwords

Passwords. The bane of modern existence. To celebrate this nuisance, the holiday gods have given us World Password Day, where thousands of people come together online and pledge to improve their password habits. How many of those pledges do you think stick? According to the 2017 Verizon Data Breach Investigation Report, not many. A little over 50 percent of all breaches in the last year leveraged either stolen or weak passwords.

Coincidentally, today is also Star Wars Day (May the 4th Be with You). And while we all wouldn’t mind having a lovable droid guard our passwords as loyally as R2D2 guarded the blueprints for the Death Star, the reality is we’ve got to do the guarding ourselves. And that has become burdensome enough to send Yoda himself over to the Dark Side.

Current state of affairs

According to a poll by Intel Security, the average person has 27 discrete online logins. From social media accounts to banking to online shopping to utilities, credentials—which usually include a username and password—are required for each. And if people are practicing good password hygiene, they’re engaging in the following recommended practices:
  • DO: Use a different password for each account.
  • DO: Use a long password. In fact, the longer, the better.
  • DO: Use special characters, numbers, and capital letters.
  • DO: Change your passwords every couple of months.
  • DO NOT: Write down your password, whether that’s on a piece of paper or stored electronically.
  • DO NOT: Share passwords via text, email, or chat.
  • DO NOT: Use easily identifiable information, such as a birthday or a child’s name.
  • DO NOT: Use an incredibly generic password such as 12345. (That’s the combination an idiot would use on his luggage.)
All of this, for 27 different logins, is simply unmanageable. In fact, the Intel study found that 37 percent of its respondents forgot a password at least once a week. And people are so sick of juggling dozens of different passwords, that 20 percent said they would give up ESPN if it meant never having to remember another one. Six percent said they’d give up pizza. PIZZA.

This level of discontent and security fatigue means that very likely, most users are falling back on bad habits: writing passwords down in a notebook or a Google sheet, for example, or using the same password across multiple logins. (A study by the National Institute of Standards and Technology confirms this: 91 percent of its respondents admitted to reusing passwords.)

So this is why we say: stop it. Stop the bad habits, yes, but stop the “good” ones, too. Having 27 different passwords that are lengthy and full of characters and numbers and need to be changed every few months and can’t be written down—you’d need the memory of an eidetic elephant to keep up. Online services will only multiply, so what should you do?
It’s very simple. Get a password manager.

Password manager 101

For those who might not be familiar, password managers assist in generating, storing, and retrieving passwords from an encrypted database. They typically require that users create and remember one master password to rule them all. One master password to find them. One master password to bring them all, and in the darkness bind them.

One master password to stand at the precipice and shout gallantly, “YOU SHALL NOT PASS!”
Sorry, it couldn’t be helped. As we were saying. Generally, most password managers work the same way. You’ll be asked to create a strong master password during setup (and here’s where you’ll use those password best practices, such as generating a long passphrase with numbers and capitals that steers away from guessable personal info). From there, you’ll add your other credentials to the password manager either manually or through tools that can automatically find and upload passwords for you.

While most password managers have similar setups, they secure passwords in different ways. Web-based password managers store your passwords encrypted in the cloud. Some are built into browsers, such as Safari, Firefox, and Chrome. Others may store your passwords locally in an encrypted file on your computer, tablet, or phone.

In addition, some password managers have features that help you audit your credentials, allowing you to weed out duplicate login info and remove sites you don’t use, or alerting you to breaches that have happened to the companies you log into. Many have customizations that allow increased security, such as regional lockout and two-factor authentication (which we highly recommend taking advantage of).

But aren’t I just asking to be hacked by storing everything in one place?

While some folks might be wary of using a single point of access for all their sites, remember that password managers still use your individual passwords to log in to your accounts. Those passwords are locked in an encrypted database, which is way more secure than a post-it on your office desk or a faulty memory. Ask yourself this: is it safer to store all your money in one bank or to hide it in piles underneath several mattresses?

As for fear of password managers being breached—sure, it’s possible. In fact, it’s already happened, as was the case in 2015 when LastPass was breached. However, even though cybercriminals got their hands on some email addresses, they were unable to crack master passwords. This is because master passwords are protected with military-grade security, hidden behind thousands of rounds of hashing, or algorithms that convert strings of text into longer strings of text. So far, no reputable password manager has leaked consumer master passwords (that we know of).

So which password manager should I use?

The following password managers come highly recommended by our staff and tech reviewers from The New York Times, Lifehacker, and PCMag:
If you don’t trust third-party apps with all of your personal information, you can try an open-source password manager such as KeePassX, though it requires a fair bit of technical know-how to set up.

I am absolutely opposed to a password manager. What else can I do?

While we stand by our recommendation to use password managers, we understand the urge to reject placing all your trust in the hands of another company. So here are a few alternate methods for choosing more secure passwords than the random hodgepodge you’re likely working with now.
  1. Split up your online services into major groups, such as bills, entertainment, shopping, and social media. Assign a single password to each group according to a theme. For example, you could choose movies as your theme and assign quotes from one movie to one group, or character names from a second movie to the second group. Rotate these passwords every 90 days by incrementally adding a number or changing a character. This requires a lot more effort but is still preferable to using the same password across all accounts or having to reset forgotten passwords every week.
  2. Choose one semi-difficult password for all accounts but insert a naming convention in the middle of the password to denote which account you are signing into. For example, if your password is L3tme1npleaz, your Gmail password could be L3tme1nGMAILpleaz. Your Amazon password could be L3tme1nAMAZONpleaz, and so on and so forth.
  3. When possible, choose a service that has two-factor authentication over one that does not. More than 150 applications currently implement two-factor authentication. 
Passwords don’t have to rule your life. You can lock them up behind a password manager and worry about remembering a single, slightly complex phrase instead of 27. You can relax knowing how well guarded your passwords are. And you can go ahead and burn that secret list of passwords you keep in your address book even though you’re not supposed to.

Do you have a favorite password manager? Or a method for creating and remembering unique passwords? Let us know in the comments below.

Posted: May 4, 2017
Malwarebytes Labs by Wendy Zamora
Last updated: May 3, 2017

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Unlocking the Power of Emeritus Board Positions in Credit Unions

  Explore how the Emeritus Board Position in credit unions honors long-serving members, offering them a chance to mentor new leaders while maintaining strategic influence without the responsibilities of active board roles.
Post a Comment
Read Complete Article HERE>»

Both Sides of The Desk!

With over 50 years of experience in the credit union sector, I have had the privilege of observing and participating in its evolution from various vantage points. My journey has taken me from serving as a dedicated volunteer holding critical leadership roles, including serving on the supervisory committee, as director, and as board chairman, culminating in my tenure as CEO for 12 years and now founder and President/CEO of the National Council of Firefighter Credit Unions . This extensive background has enabled me to " Sit On Both Sides Of The Desk ," blending operational expertise with strategic oversight. In this blog post, I want to share how this dual perspective has enriched my understanding of credit union dynamics and fostered more effective governance. By leveraging the insights gained from years spent navigating both the intricacies of daily operations and the broader strategic objectives, I have witnessed firsthand the transformative power of collaboration, communi...
Post a Comment
Read Complete Article HERE>»

How To Make Decisions With Conviction—Even Under Pressure

Why strong leaders act when others hesitate — and how to develop that confidence without needing every answer. I’ve watched smart, experienced leaders freeze. And I’ve been in that same position myself. It’s not because we lack information, but because we don’t feel ready to choose. Leaders often get stuck because they’re waiting for the perfect moment to act. They’re thinking through the consequences, weighing the trade-offs, trying to get it right. But the longer they wait, the harder it becomes to move at all. The truth is that the worst decision isn’t always the wrong one. It’s the one you never make. If you’re in a leadership role, you don’t always get the luxury of knowing. You have to move anyway. Not recklessly, not blindly, but with clarity, purpose and conviction. In high-pressure moments, the gap between average leaders and great ones gets exposed. It’s not a gap in intelligence or experience. It’s a gap in decisiveness. Because conviction doesn’t mean certainty—it means mak...
Post a Comment
Read Complete Article HERE>»

Live - Podcast Understanding The Importance P&L Statements

A Weekly Dose of Innovation for Credit Unions Serving First Responders Welcome to the NCOFCU Podcast: Your Weekly Dose of Innovation. Hosted by Grant Sheehan CCUE | CCUP | CEO, NCOFCU, this podcast is your definitive source for the latest news, insights, and trends in the first responder credit union world.
Post a Comment
Read Complete Article HERE>»

Fed Kicks Off Two-Days of Meetings Today as Critics, Proponents Respond to Rate Increases; Plus, What CUs Should Expect

CUToday WASHINGTON–The Federal Reserve’s Open Market Committee (FOMC) will kick off two days of meetings today and the decision they announce tomorrow will affect everything from the major U.S. markets to credit unions that are seeing strong loan growth to individual credit union members struggling with monthly bills. The FOMC is widely expected to again raise its benchmark rate as it seeks to cool raging inflation. Among those expecting rates to be higher by Wednesday afternoon is CUNA’s chief economist, Mike Schenk, who expects the Fed will push up rates by 75 basis points. That follows the full one percentage point increase made during the Fed’s July meeting. “That’s pretty substantial, but inflation is over 9%,” said Schenk...
Post a Comment
Read Complete Article HERE>»