A stampede of passwords

Have you ever asked a stranger how many passwords he or she has?

I have. (It’s an occupational hazard.)

I’ll start by saying that I don’t harass strangers in shopping malls. But, when I’m at a conference or trade event, or at a party, and I find myself talking with someone I’ve never met, the talk often turns to security and passwords – and then I pounce!

The great majority of answers fall into the following categories:

TOOOO Many!

I don’t know.

And the #1 answer:

10-15.

Almost no one says “none of your business!” (Hurray for informal surveys!)

“Too many” suggests that the person is overwhelmed. This is entirely understandable in today’s world, where just about everything we do requires an online password.

Depending on the body language, “I don’t know” usually means they just don’t care. Because passwords are so prevalent, they have lost their significance for these folks.

Neither of the first two answers suggests a healthy approach to security, but it’s the “10-15” response that is thought-provoking because it is so specific, and it is such a popular answer. The response isn’t usually just blurted out without any thought: I can see the little cogs and sprockets turning inside their heads as they try to put a number on it. They are counting up the little cubbies in their brain where passwords are stored.

These folks think that arriving at an answer of 10-15 is great, because 10-15 of just about anything is pretty manageable. Even a stampede of 10-15 elephants doesn’t sound too dangerous.

And that’s the problem: 10-15 seems so reasonable.

Because the number they have in their heads sounds manageable, most people think they’re in control. And because they think they’re in control, they often don’t give the matter the attention it deserves, and that easily leads to choosing the wrong approach.

But are 10-15 password accounts really realistic for most of us today?

Consider everything you do online:

  • email (Gmail, Hotmail, Yahoo… do you really have only one email address?),
  • banking (savings, credit cards, PayPal, mortgage, investment accounts…),
  • online shopping (Amazon, eBay, Angie’s List…),
  • utilities (gas and electric, cable, cell phone…),
  • online entertainment and streaming (Netflix, Hulu…),
  • social media (Facebook, YouTube, Twitter, Instagram…),
  • online magazines, newspapers and blogs,
  • self-improvement (Lynda…),
  • kids’ school accounts and local services like the library,
  • security (online backup, VPN…),

not to mention the myriad interests that can be satisfied on the internet.

After finishing the exercise (a little exhausted, but satisfied!), most people are invariably surprised to find out that they’ve underestimated by 50%, or more. They typically have 20-30 accounts, and usually more than that.

Interestingly, the number of passwords people think they have doesn’t seem to influence the answer to the next obvious question: “how do you deal with them?” Most of the time, they give me an embarrassed grin and, pointing to their head, say some variation of “in my mind!” (Cue Eddie Izzard going on about his self-delusions.)

And then I hear the story of how they remember all their passwords (a strong sign that their passwords aren’t all that strong), or that they use a single super duper strong password for all their sites (considered by security experts to be even worse than having a less strong but unique password for each site), or a couple of passwords spread over ‘important’ accounts and ‘unimportant’ accounts (a dangerous combination of the two). Unsurprisingly, these approaches involve generous application of the ‘resend password’ feature available on most sites.

Very few people say that they use a password manager product.

Password security involves strong, unique passwords, and being able to connect them to their correct accounts. For most people, remembering random strings of characters and tying them to their respective accounts doesn’t come naturally. In addition, without frequent repetition, we tend to forget stuff, anyway. Add to that the fact that requirements for the random passwords vary from website to website, and that the websites periodically demand that the strings be changed. (It’s enough to make you say “TOOOO Many!”)

These are precisely the things that a password manager gives you. Plus secure storage that is accessible on all your devices. Regardless of how many login accounts you have, a password manager is the best way to have a strong, unique password for each account – and it remembers it for you!

Hi! I don’t believe we’ve met. How many passwords do you have?

About Sticky Password:

Sticky Password, founded in 2001, is utility software that creates and organizes passwords to simplify a user’s online life without compromising security. Sticky Password provides automatic login, one-click form filling and storage for personal data. It brings “set and forget” password management technology to the world. Security leaders like Kaspersky Lab, among others, have selected Sticky Password to power elements of their own product solutions. Sticky Password is available at stickypassword.com and at major retailers including Office Depot, Office Max, Fry’s and MicroCenter.

Guest Blogger.
