Here he goes again, banging on about passwords

Yes, I know, but here’s a statistic that I find a bit shocking, so I think it’s worth returning to the subject.

According to recent research, FICO claims that over 25% of people in the UK use five or fewer passwords across all their accounts. I don’t know how many accounts each of us has, but it must be at least 25 on average. That would mean that, on average, in this country a quarter of people use each password in at least five different places. Is it any wonder that so many accounts are hacked?

Given that account credentials usually consist of just an email address and a password, every email address and password combination that is exposed in a data breach could unlock many other accounts. Why on earth do people risk that? We have absolutely no control whatsoever over how securely our email and password are kept by the organisations to which we entrust them. If you re-use that combination elsewhere then you are, in effect, saying to each of those organisations “the security of other accounts of mine depends on how secure your systems are – but I don’t know how secure your systems are”. It is like entrusting the keys of several properties to an organisation that might just leave those keys lying around for anyone to pick up.

World password day

Bet you didn’t spot this on 7th May

Why the reluctance to assign unique passwords to accounts? I don’t think it can be any more complicated than a matter of convenience. I encounter many, many clients who are not methodical when it comes to recording and retrieving passwords. And yet, as I have blogged before, it is not difficult to record this information in a simple Excel spreadsheet or Word document and to have that file password-protected. Thereafter, you only need to remember one password – the one that opens that document.

Surely it is easier to develop the simple habit of doing this than endure all of the grief that lost passwords and mis-remembered passwords cause (not to mention the consequences of hacked accounts). I’ve long since lost count of the number of times clients wonder aloud whether they added “123” or “99” or whatever to the end of the password (and did it begin with a capital letter, and which of their children’s or cats’ names was it etc?)

Even when people use so few different passwords, they still often struggle to use them. Apparently, almost 25% of people have failed to complete an online purchase because of password problems and 15% of people have failed to open a new account because of password problems.

Clearly, there is plenty of room for alternative methods of authentication to replace passwords, and the evidence is that we become more likely to trust alternative methods as we get more experience of using them. Such alternative methods include facial recognition, fingerprinting, and voice recognition.

So, hopefully, there will come a day when we won’t need to quickly lay our hands on dozens of different passwords. However, that day hasn’t arrived yet, so, in the meantime, I recommend a simple, password-protected document if you don’t want to engage with any of the dedicated password programs that there are out there.

The two complaints I hear most from my clients are:

(1) why do they have to keep changing things?
(2) how are we supposed to remember all these passwords?

I’m afraid that the answer to both questions is, to a large extent, the same. Information Technology is still a rapidly-changing technology and our world runs on change, advance, improved efficiency. How could capitalism survive without it? Moreover, we just happen to be living in a time of huge change in this one area and, because it’s completely global, every malevolent person in the world has access to it and wants to exploit you and it. Therefore, security is paramount and there is a constant “cat and mouse” game going on between the security experts and the villains.

And yet, for all the grumblings about change and passwords, I don’t hear of swathes of the population abandoning their IT and going back to “simpler times”. Surely that says something about the benefits of information technology outweighing the frustrations.

