Why? First, there’s a growing number of websites which require an individual user ID and password (not every site lets you log in with Facebook or Google IDs). Second, I like to shop online, bank online, and comment on a few forums. Those user IDs and passwords for all those websites add up.
Finally, with such a large variety of websites to log in to, it was becoming more difficult to use the same user ID and password for every site. No, I don’t use my name as the user ID and don’t use ‘1-2-3-4-5-6’ or ‘a-b-c-d-e-f’ as my password. But it’s exactly that which inspired this missive.
According to Kaspersky, the online company which tracks malware and sells security solutions, one out of every seven people who have user IDs and passwords and use them to log in to important sites uses the same password for all their online accounts.
Caveat Alert! Kaspersky is a Russia-based security firm and how they would be able to determine the one-in-seven figure should be suspect in and of itself, but there’s an element of common sense to the conclusions. A difficult password, as defined by Kaspersky and anyone else with security experience, is a long password mixed with upper and lower case letters, numbers, and symbols. The unmonitored monitors say that one person in 10 uses a password that is less than eight characters long (you can’t see it, but I just raised my hand and whispered ‘Guilty!’).
If you’d like some interesting stats, Kaspersky has you covered with a detailed PDF document which outlines security habits by country and points out the shortcomings of security plans. Bottom line, the weakest link in consumer and business security is the user.
So, what does my password manager app do that a more complicated password does not? It’s a trick question. A complicated password is hard to remember, and should not be used on multiple websites, especially if the user ID (often nothing more than an email address which by itself is often obtainable publicly) is the same. A password manager app simply stores both user ID and password and makes logging into websites a bit easier, especially for those of us encumbered by a memory that’s already too clogged with trivial bits of information (why is there no video of Martians, Bigfoot, or U.S. Muslims celebrating 9/11; no such videos exist for a reason?).
Take a quick inventory of your user IDs and passwords. If any of them are the same, then change them to something different. Each one. It’s more secure. Oh, one more thing. I’ve been taking my credit card numbers off every site where I have to buy something. While it’s less likely someone will hack my Mac or walk off with my encrypted user ID and password, it’s far more likely that some smart hacker residing in Russia, China, North Korea, or Silicon Valley can figure out a way to break into a store’s obviously anemic security and walk away with my information.
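The inventory suggested above can be run against a password manager's CSV export, flagging reuse, passwords under eight characters, and missing character classes. This is an added example, not part of the original post; the `site,username,password` column layout, the sample rows, and the function names are assumptions made for illustration.

```python
import csv
import hashlib
import io
import string
from collections import defaultdict

# Constructed sample. The column names are an assumption; real exports vary.
SAMPLE_EXPORT = """site,username,password
shop.example,pat@example.com,Tr1cky!Horse-Battery
bank.example,pat@example.com,Tr1cky!Horse-Battery
forum.example,pat_r,abcdef
news.example,pat@example.com,correcthorsebatterystaple
mail.example,pat@example.com,V9#qLm2$wXz8&Tn4
"""
MIN_LENGTH = 8  # the "less than eight characters" threshold quoted in the post

def digest(password):
    """Hash a password so plaintext never becomes a dictionary key."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def missing_classes(password):
    """Names of the four character classes (upper, lower, digit, symbol) not present."""
    checks = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit,
              "symbol": lambda c: c in string.punctuation}
    return [name for name, test in checks.items() if not any(test(c) for c in password)]

def audit(export_text):
    """Return {site: [findings]} for each entry with at least one problem."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    sites = defaultdict(list)
    for row in rows:
        sites[digest(row["password"])].append(row["site"])
    findings = {}
    for row in rows:
        pw, site, problems = row["password"], row["site"], []
        others = [s for s in sites[digest(pw)] if s != site]
        if others:
            problems.append("reused on " + ", ".join(others))
        if len(pw) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        if missing_classes(pw):
            problems.append("missing " + ", ".join(missing_classes(pw)))
        if problems:
            findings[site] = problems
    return findings

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_EXPORT).items():
        print(f"{site}: {'; '.join(problems)}")
```

An export file holds every password in plaintext, so run the check offline and delete the file afterwards.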