Password managers provide a more effective way to stay secure online but are still underutilized, says Security.org.
Juggling a unique and strong password for every online account you use is a Sisyphean task, to put it in mythological terms. That’s why so many people still turn to weak passwords that they use and reuse across multiple accounts. Though biometric authentication is gaining traction, there’s still no universal alternative to passwords. But there is a way to better manage your passwords. A report released Monday by security advice site Security.org looks at why people rely on password managers.
SEE: Password Management Policy (TechRepublic)
In a survey of 1,077 American adults conducted in November, Security.org asked people about their experience with cybercrime, how they track their passwords and their views of password managers. Participation in the survey was not based on any level of knowledge or expertise with password managers, so most of the respondents were everyday consumers.
Among the respondents, only 20%, or 241 people, said they use password managers. The rest (863 people) use other methods. Among those who don’t use password managers, 41% said they rely on their own memory, 30% write passwords on paper, 24% save passwords in their browser, 23% save them in a digital note file, and 20% simply reuse the same passwords.
Almost one-third of those surveyed had their identity or online credentials stolen over the past year. But these results varied based on how people managed their passwords.
Among those who used password managers, only 16% were hit by identity theft. For those who saved their passwords in a digital note or reused the same passwords, 35% suffered identity theft. Among people who tried to memorize their passwords, save them in their browser, or write them on paper, the percentage of those victimized by identity theft ranged from 28% to 31%.
The respondents who do use password managers cited a few reasons for doing so.
Most (71%) said they use them because they can’t remember all their passwords. More than half said they used password managers to help them log into their accounts across different devices. And 45% said they use them to generate and save complex passwords. Other reasons cited included the ability to manage apps with multiple logins, the benefits of encrypted passwords and the ease of using one master password.
Those who don’t use password managers also had their own reasons for avoiding them.
Most (71%) said they don’t think password managers are secure. Some 51% said they’re not sure they need one, 45% said they’re not sure how password managers work, 38% said they think they cost too much and 34% said that they’re difficult to set up. Despite these concerns, 69% said they’d consider using a password manager in the future.
Those who have adopted password managers were asked which product they use. The results varied across the board, but LastPass was the top choice, citied by 21% of those polled. Keeper came in second place, followed by McAfee True Key, Bitwarden, Google Chrome password manager, Apple Keychain password manager, 1Password and Dashlane.
Finally, one of the keys to securing a password manager is to devise a strong master password. Asked how they created their master password, 81% said that they used a unique login, while 19% admitted that they turned to a previously used login.
Recommendations for password security
Until we have a truly universal alternative to passwords, we’re stuck with them for now. And though password managers may not be perfect, they do offer a practical way of creating and using strong and unique passwords for each of your accounts. Still, there are a few recommendations to keep in mind when using a password manager.
- Create a strong master password. The master password is the key to unlocking your password vault. As such, it needs to be especially strong and complex. That means it should be a certain length, at least 12 characters. And it should contain letters, numbers and symbols.
- Rely on biometric security as well. If you use a password manager on a mobile device or on a computer equipped with a fingerprint reader or facial recognition, you can protect your password manager beyond just the master password. Most password managers let you secure your password vault via your device’s own biometric means of identification. By enabling this option, you not only better safeguard your passwords but you have an easier way of accessing them.
- Enable two-factor authentication. Many people who use password managers worry that their passwords will be exposed if someone hacks into their account. Beyond devising a strong master password, you should further secure your password manager account through two-factor authentication. This way, if a hacker ever tries to log into your account, they can’t access your data without that secondary form of authentication.