Passwords are a necessary evil in a world where we have to juggle multiple accounts across an array of websites and services. We’re constantly being told to create a strong, secure and unique password for every account. But putting that advice into practice is problematic for a variety of reasons. A report released Thursday by password manager LastPass looks at how anxiety over passwords is having a snowball effect.
To generate its report, LastPass surveyed 2,005 Americans to measure their thoughts about passwords and the pitfalls of trying to maintain strong and secure ones across the board.
Using a different password for each account and website is sound advice. Otherwise, a hacker who obtains your password for one site can easily compromise other accounts that use the same password. But the more websites you use, the more challenging this strategy becomes.
Among the respondents, 70% said that they feel they have too many different passwords to remember, prompting the average person to use the same password for six different accounts, both personal and work-related. Even when asked to create passwords that are different, a majority of those surveyed said the new passwords are still very similar to existing ones. This plays out when someone simply appends the current month or year to an existing password.
Many people store or try to store their passwords on their computers or mobile phones. But this approach isn’t ideal, especially as we jump from one device to another with the expectation that our passwords will be available and accessible anywhere.
Some 65% of the respondents admitted that they experience panic or anxiety when they discover they don’t have a stored password for a website they need to use. Further, 57% of those surveyed said that they’d be locked out of most of their accounts if they ever lost their phone.
All of these obstacles lead to something LastPass has dubbed password anxiety, a condition that affects not only individuals but also organizations. Among the respondents, 64% said they would avoid visiting certain websites or using certain accounts where they’ve forgotten their password. That can hurt any organization that maintains an external website or manages internal accounts.
There is as yet no ideal and universal solution for authenticating website and account logins. Biometric tools such as fingerprint and facial recognition are certainly easier and more effective than passwords. Most smartphones offer one or both methods, but they still don’t have comprehensive support from all websites and apps. For now, we still need to rely on passwords. Toward that end, LastPass offers a couple of tips to help you better grapple with passwords.
Use passphrases. Strong and complex passwords with alphanumeric and special characters are difficult, if not impossible, to remember. Instead, why not use a passphrase? This can be a phrase that has some meaning to you personally yet is still complex. A passphrase such as “Theres-no-place-like-home,” “I-like-to-eat-waffles,” or “Give-my-regards-to-Broadway” can be as strong as, if not stronger than, a more conventional password yet is easier to remember.
Use a password manager. Since LastPass sells a password manager, the company naturally recommends using one as a solution. But the point is still valid. A password manager takes most of the pain out of passwords by automatically creating, storing and applying strong and secure ones across all your websites and accounts and across all your devices. You have to concoct a strong and complex master password to protect your account. But that means one password to remember instead of dozens or hundreds. Password managers to consider include LastPass, 1Password, Bitwarden, Dashlane and RoboForm.