How many passwords do you currently keep track of? Maybe 20, 30, or more than 50? It can feel like hundreds because we use them constantly. Passwords allow us to access almost everything we do in a day – whether it’s for work or listening to music. As of 2019, the average American maintains passwords for 27 online accounts (Harris poll). (Other studies, commissioned by commercial interests, report an average of upwards of 80+ passwords per person.)
Regardless of whether you fall on the low or high end of that range, it’s a lot of passwords. Despite all the available guidance and tips for creating strong passwords, studies show people’s habits generally fall short.
Everyone probably knows a friend who got locked out, unable to access their email, social media or other personal online accounts. Then that person spent days on the phone with tech support trying to prove their identity.
Why Do People Struggle with Personal Password Security?
- People don’t want to relinquish control of their passwords. The first commandments we learn when establishing our online presence< are: “Don’t share your password with anyone. Don’t write your passwords down.” There’s a built-in distrust in tools like password managers. Pew Research Institute reports that only 3% of internet users rely primarily on password managers.
- It’s hard to remember a lot of different passwords. People want to make passwords easier to remember, so they use patterns, change one character in an existing password, or reuse passwords for multiple accounts. A security survey conducted by Google found 65 percent of people use the same password for multiple or all of their accounts. This data is quite surprising given the hundreds of articles published each year advising against exactly that.
Online Security: Stay Ahead of Hackers
With so many people working from home now, it can feel like we’re online most of the day. It’s more important than ever to be mindful of how we protect our own little personal sphere in a way that minimizes the risk of having our identity compromised.
Four Steps to Keeping Your Identity Safe
1. Change Your Mindset: Cue from your employer. Most employers have robust password management processes and multi-factor authentication (MFA), so you’re probably already using these technologies and processes. Following the lead from the IT experts at your company is free security advice that we could extend into our personal lives, but somehow, we view it as separate from our personal life.
2. Adopt These Two Solutions:
- Password Manager or Vault. Password management technology is now more available and mainstream than it used to be. It also requires careful research and an ongoing commitment to consistently using the technology for it to work effectively. In the future, we may be able to eliminate the use of passwords permanently, but until that happens, a password manager is the best solution.
- Multi-factor Authentication (MFA). MFA protects your account even if someone has guessed or stolen your password. After a password is successfully entered and before granting access to an account, the technology confirms your identity. It requires you to engage with an auto-generated confirmation link, phone call, or text message to your personal device to authenticate your identity.
The common downside with MFA is, by design, it will be much more difficult to gain access to your account if you don’t have the other factor available.
MFA is only available when a company has built it into their website. Use this technology whenever a website or business offers it.
3. Enlist Expert Advice: Selecting and setting up a password manager requires careful consideration for ensuring a proper set up because the risks for doing it wrong are significant. If the explanations sound too technical, enlist a tech-savvy friend or a professional for additional guidance.
If you are using an MFA that sends a token to your phone and plan to buy a new phone, the MFA security app will not restore from a backup automatically. Be sure to find out how to restore your MFA security app before turning off your old phone.
4. Have a Good Recovery Plan: Your rescue plan will include your most critical password for protecting your online identity. Whether it gets you into your password manager (preferred!) or your primary email account, this one password deserves your very best effort in applying every best practice.
Keep in mind, the first line of defense in protecting your personal online identity is to stay alert and be aware of scams and suspicious links. While user-error certainly isn’t the root cause of all account breaches, it is an area of risk. It’s also important to be sure to follow best practices for password creation. With diligence, strong passwords and technologies like a password manager and MFA, you can significantly improve the security of your online identity.