MarkC on UC Microsoft Skype for Business, Lync, Exchange & Everything Else

Why don't more people use password managers?

Another data leak, another random mumble about password managers.


====
Woke up to see another data leak story today:


O2 Customer Data Sold on the Dark Net

When ever I see stuff like this it makes me double check my security for websites etc. to make sure I'm not accidentally doing anything daft. This morning though it got me thinking - how come more people don't use Password Managers? Or more specifically - how do people make stuff secure
without using password managers? It's beyond me.

Looking at my own for example I currently have 422 logins to various things. Yes.
Four Hundred and Twenty Two. Bonkers.

Without a PWD manager the likelihood is a lot of those sites would:

  • Use relatively simplistic patterns or words that are memorable.
  • Repeated across multiple websites.
  • Instantly forgotten and constantly having to tick 'forgotten password' on sites.
  • Email to a single source meaning a single email could be compromised, resulting in the compromise of multiple sites.

Now, I'm the first to admit I can be a bit paranoid about such stuff. I like to follow best practice. Achieving that though without a way of managing your passwords - difficult.

Working in IT means I get to 'help' a lot of my friends etc. with their computers, microwaves, shelves* etc. It astonishes me how poorly their general attitude to security is. Firstly, it's rare someone will hand me their laptop and it be encrypted. They never think to question that I recover their stuff so quickly, just assuming it's something down the black-art of 'those computer things'. (See:
Encryption - It's for Everyone). I'll also often find things like text files on the desktop containing common email/password combinations and more often than not including the web site that they're associated to.

Utterly crazy.

So why is a password manager so important? Well, the obvious one is that it stores all your passwords and makes them easy to access. It has other - more important - benefits too:

  • You can generate truly random passwords that even you won't be able to remember. Stuff like SAjhhWJKH987KJJ71$$$!$%%%%_43 for example. Try remembering that. (There's a legitimate argument against such passwords too, to be fair: See XKCD).
  • You don't have to remember all those ridiculous passwords! The manager will do it for you.
  • You can have unique passwords for every single site.
  • Most will do a security check through the passwords that are stored advising you of any poor or repeated selections.

Wait - how do you secure your password manager? Well - of course you have to set a master password…And you need to be creative with that. I use phrases that make no sense for example, rather than short words. So something like '
Jay likes to eat b0ats on a Sunday'** for example. Easy to remember as it's so weird. You don't find yourself typing it in very often either - iPad/iPhone it's all TouchID, and on my main machines it locks when I lock my normal machines.

Do I save passwords in my Browser? Yes, I do - for
some sites. Never for any sites that hold any detail or financial information.

What about the 'tick here if you've forgotten your password' - if they all go to the same email address then hey, you only need that email address compromising don't you…? Well, of course I don't setup a different email address for every website as that would be beyond silly - but I do have a few separate ones for secure sites. I don't use the same email on any financial sites for example. Ever. That could however be part of my general paranoia and may be a bit beyond the norm - I'll graciously accept that.

Honestly, check out password managers. It'll make your life more secure, and what's more make your day to day easier too.

Products like:

LastPass
1Password

…are probably the most popular. All multi-device, all integrate natively in to your web browser etc.

Get secure. It's your responsibility, not the providers. It's your data. They've always got a get out - oh we did our best. Blaming them all you like may make you feel better, but it's still your secure data flying around that internet.






*OOOO! You work in IT! Can you help me put a shelf up?
** No, this isn't my passphrase. Even I'm not that daft. //scuttles off to change pass phrases.
blog comments powered by Disqus