Skip to main content

Why you do not need 27 different passwords

Passwords. The bane of modern existence. To celebrate this nuisance, the holiday gods have given us World Password Day, where thousands of people come together online and pledge to improve their password habits. How many of those pledges do you think stick? According to the 2017 Verizon Data Breach Investigation Report, not many. A little over 50 percent of all breaches in the last year leveraged either stolen or weak passwords.

Coincidentally, today is also Star Wars Day (May the 4th Be with You). And while we all wouldn’t mind having a lovable droid guard our passwords as loyally as R2D2 guarded the blueprints for the Death Star, the reality is we’ve got to do the guarding ourselves. And that has become burdensome enough to send Yoda himself over to the Dark Side.

Current state of affairs

According to a poll by Intel Security, the average person has 27 discrete online logins. From social media accounts to banking to online shopping to utilities, credentials—which usually include a username and password—are required for each. And if people are practicing good password hygiene, they’re engaging in the following recommended practices:
  • DO: Use a different password for each account.
  • DO: Use a long password. In fact, the longer, the better.
  • DO: Use special characters, numbers, and capital letters.
  • DO: Change your passwords every couple of months.
  • DO NOT: Write down your password, whether that’s on a piece of paper or stored electronically.
  • DO NOT: Share passwords via text, email, or chat.
  • DO NOT: Use easily identifiable information, such as a birthday or a child’s name.
  • DO NOT: Use an incredibly generic password such as 12345. (That’s the combination an idiot would use on his luggage.)
All of this, for 27 different logins, is simply unmanageable. In fact, the Intel study found that 37 percent of its respondents forgot a password at least once a week. And people are so sick of juggling dozens of different passwords, that 20 percent said they would give up ESPN if it meant never having to remember another one. Six percent said they’d give up pizza. PIZZA.

This level of discontent and security fatigue means that very likely, most users are falling back on bad habits: writing passwords down in a notebook or a Google sheet, for example, or using the same password across multiple logins. (A study by the National Institute of Standards and Technology confirms this: 91 percent of its respondents admitted to reusing passwords.)

So this is why we say: stop it. Stop the bad habits, yes, but stop the “good” ones, too. Having 27 different passwords that are lengthy and full of characters and numbers and need to be changed every few months and can’t be written down—you’d need the memory of an eidetic elephant to keep up. Online services will only multiply, so what should you do?
It’s very simple. Get a password manager.

Password manager 101

For those who might not be familiar, password managers assist in generating, storing, and retrieving passwords from an encrypted database. They typically require that users create and remember one master password to rule them all. One master password to find them. One master password to bring them all, and in the darkness bind them.

One master password to stand at the precipice and shout gallantly, “YOU SHALL NOT PASS!”
Sorry, it couldn’t be helped. As we were saying. Generally, most password managers work the same way. You’ll be asked to create a strong master password during setup (and here’s where you’ll use those password best practices, such as generating a long passphrase with numbers and capitals that steers away from guessable personal info). From there, you’ll add your other credentials to the password manager either manually or through tools that can automatically find and upload passwords for you.

While most password managers have similar setups, they secure passwords in different ways. Web-based password managers store your passwords encrypted in the cloud. Some are built into browsers, such as Safari, Firefox, and Chrome. Others may store your passwords locally in an encrypted file on your computer, tablet, or phone.

In addition, some password managers have features that help you audit your credentials, allowing you to weed out duplicate login info and remove sites you don’t use, or alerting you to breaches that have happened to the companies you log into. Many have customizations that allow increased security, such as regional lockout and two-factor authentication (which we highly recommend taking advantage of).

But aren’t I just asking to be hacked by storing everything in one place?

While some folks might be wary of using a single point of access for all their sites, remember that password managers still use your individual passwords to log in to your accounts. Those passwords are locked in an encrypted database, which is way more secure than a post-it on your office desk or a faulty memory. Ask yourself this: is it safer to store all your money in one bank or to hide it in piles underneath several mattresses?

As for fear of password managers being breached—sure, it’s possible. In fact, it’s already happened, as was the case in 2015 when LastPass was breached. However, even though cybercriminals got their hands on some email addresses, they were unable to crack master passwords. This is because master passwords are protected with military-grade security, hidden behind thousands of rounds of hashing, or algorithms that convert strings of text into longer strings of text. So far, no reputable password manager has leaked consumer master passwords (that we know of).

So which password manager should I use?

The following password managers come highly recommended by our staff and tech reviewers from The New York Times, Lifehacker, and PCMag:
If you don’t trust third-party apps with all of your personal information, you can try an open-source password manager such as KeePassX, though it requires a fair bit of technical know-how to set up.

I am absolutely opposed to a password manager. What else can I do?

While we stand by our recommendation to use password managers, we understand the urge to reject placing all your trust in the hands of another company. So here are a few alternate methods for choosing more secure passwords than the random hodgepodge you’re likely working with now.
  1. Split up your online services into major groups, such as bills, entertainment, shopping, and social media. Assign a single password to each group according to a theme. For example, you could choose movies as your theme and assign quotes from one movie to one group, or character names from a second movie to the second group. Rotate these passwords every 90 days by incrementally adding a number or changing a character. This requires a lot more effort but is still preferable to using the same password across all accounts or having to reset forgotten passwords every week.
  2. Choose one semi-difficult password for all accounts but insert a naming convention in the middle of the password to denote which account you are signing into. For example, if your password is L3tme1npleaz, your Gmail password could be L3tme1nGMAILpleaz. Your Amazon password could be L3tme1nAMAZONpleaz, and so on and so forth.
  3. When possible, choose a service that has two-factor authentication over one that does not. More than 150 applications currently implement two-factor authentication. 
Passwords don’t have to rule your life. You can lock them up behind a password manager and worry about remembering a single, slightly complex phrase instead of 27. You can relax knowing how well guarded your passwords are. And you can go ahead and burn that secret list of passwords you keep in your address book even though you’re not supposed to.

Do you have a favorite password manager? Or a method for creating and remembering unique passwords? Let us know in the comments below.

Posted: May 4, 2017
Malwarebytes Labs by Wendy Zamora
Last updated: May 3, 2017

Comments

Popular posts from this blog

Update: First Responder Credit Unions Academy (FRCUA) Udates

In an ongoing effort to keep your FRCUA education current, modules are continually updated to reflect current NCUA and other regulatory agency requirements. As an example, BSA 26 now includes  Artificial Intelligence and BSA,  Elder Financial Exploitation,  Pig Butchering & BSA, and Executive Order –  Free and Fair Banking.

Mortgage Rates Tick Down

MCLEAN, Va.--Mortgage rates moved slightly lower this week, with the 30-year fixed-rate mortgage averaging 6.56%, Freddie Mac reported. “Mortgage rates are at a 10-month low,” said Sam Khater, Freddie Mac’s chief economist. “Purchase demand continues to rise on the back of lower rates and solid economic growth. Though many potential homebuyers still face affordability challenges, consistently lower rates may provide them with the impetus to enter the market.” The 30-year FRM averaged 6.56% as of Aug. 28, down from last week when it averaged 6.58%. A year ago at this time, the 30-year FRM averaged 6.35%. The 15-year FRM averaged 5.69%, unchanged from last week. A year ago at this time, the 15-year FRM averaged 5.51%, Freddie Mac said. ____________________________________________ Check out NCOFCU's additional features: First Responder Credit Union Academy Podcasts YouTube Mini's Blog Job Board

SIGN UP FOR YOUR CUSTOM HEALTH INSURANCE SOLUTION TODAY

 https://bizu65.allstatehealth.com/?password=demo ____________________________________________ Check out NCOFCU's additional features: First Responder Credit Union Academy Podcasts YouTube Mini's Blog Job Board

Wendelville Fire Chief Andrew Pilecki re-elected to FASNY board

Andrew Pilecki, the current fire chief of Wendelville Volunteer Fire Company, has been re-elected to the board of directors of the Firefighters Association of the State of New York. Pilecki has been a member of the fire service for more than four decades, including the past 22 years as a responder with the Wendelville company. Previously he was an active member of Columbia Hook and Ladder Co. He’s also a former assistant director of emergency management for the City of North Tonawanda. FASNY directors serve five-year terms of office. During his first term, Pilecki was instrumental in supporting the association’s pandemic response, championed fire company recruitment and retention efforts, and worked to amplify the needs of Western New York’s volunteer fire service at the state level, according to FASNY. “I’m honored to be re-elected and to continue advocating for the men and women who volunteer their time, risk their safety and serve their communities across the state,” Pilecki said. “...

Many CUs Likely to Face New Operating Challenges "Michael Moebs"

04/08/2024 09:04 pm By Ray Birch LAKE FOREST, Ill.—The trend lines don’t lie: Financial institutions charging high overdraft fees will likely face operating challenges in the near future and may even be forced to merge if they don’t follow the market trend of lowering their OD charge. Michael Moebs, economist and chairman of Moebs $ervices, is offering that forecast following his company’s new overdraft study, which has found overall net OD revenue for 2023 was down 5.7%, with banks dipping by 8.1% to $31.4 billion, thrifts falling by 28.6%. and credit unions actually increasing net revenue 2.2%. The study further reveals the m...