We still suck at passwords
APC editor Dan Gardiner wonders why, despite all the warnings, we’re still leaving our best line of digital defence wide open.
Almost without fail, every new year, a bunch of news stories circulate about how terrible and insecure our passwords are. The 2016 list of the most common passwords once again tells that same terrifyingly mundane story: despite years of warnings, many people still use crap passwords. Using data that’s been leaked after major site hacks, security firm Keeper Security scoured the login details of 10 million accounts and found that a whopping 17% of users were employing the password ‘123456’.
I do get it: passwords are hard. Having to invent different logins for every site and service you use would be a monumental task, so the temptation to take shortcuts is perfectly understandable. And I admit that, until about five or six years back, I was fairly lackadaisical when it came to passwords, too, having settled into the habit of re-using a handful of passwords across numerous sites. And in this age of ubiquitous hacks, where even big companies like Yahoo! are at risk, that’s just asking to be fleeced. The problem with re-using the same password everywhere should be clear — if just one service gets hacked and that password gets leaked, the hackers will have the login for all your accounts.
As we’ve said previously in APC, using a password manager is the best choice. These make password security easy by automatically generating secure passwords and keeping an encrypted database of them — so the only password you need to remember is the one to access your personal database. If you want an all-in-one solution, our current recommendation is LastPass (www.lastpass.com), a cloud-based service that you can access via the web and that also has dedicated apps for Windows, Mac, iOS and Android. It’s essentially free and once you start using it, it actually becomes easier than trying to remember a bunch of different passwords. So make the switch — you won’t regret it.