Why do people keep using and reusing easy-to-guess passwords?
It’s a sad fact of life but most people choose very poor passwords. So poor, in fact, that they can be cracked with easily found hacking tools in seconds. Or less.
Every time a major data breach takes place the aftermath reveals lists of those passwords most often used on the site in question, and the same staples appear time after time.
Examine any Top 10 list of common passwords and you’ll find classics such as password, 123456, letmein and qwertyuiop, all of which are terribly easy to guess with even modest hardware and a list of "dictionary words".
So why do so many people choose weak passwords?
The answer to that question is remarkably simple: convenience.
When you have dozens, or even hundreds, of passwords to remember… you can’t.
As complex as the human brain is, we are not very adept at remembering complex strings of letters, numbers and symbols and so the temptation is to fall back on the simplistic – names and numbers that have meaning to us (birth dates, for example).
The problem with that of course is the fact that they are so easily guessed that an attacker can quickly gain access to your online account and, if you have re-used such passwords across a number of sites, the damage could be much, much worse as one data breach could compromise your entire digital life.
As has already been mentioned, this is not secure behaviour, so what is the solution?
Using a password manager
If you opt to use a password manager – and we strongly recommend that you do – you’ll only ever have to remember one single complex password with which to secure the management software.
The password manager itself will store all your other login information and may even recommend complex passwords for each new site you add, all in an encrypted format so you’ll never have to worry about anyone else being able to access them (just don’t forget that master password and do ensure that it is hard to crack).
Thus a password manager will take a load off your mind and enhance your security at the same time – what’s not to like?
So how does it work?
Well, whenever you need to log into a website, you will navigate to it in the normal manner but, instead of typing your password into the appropriate box, the password manager will fill it in for you, along with your username or email address. You won’t need to remember those details – the password manager will take care of that for you.
If you’re creating an account on a new website, the password manager will offer to either remember the one you enter, thereby allowing you to make it as complex as you like, or it will offer to generate one for you. Depending on which password management software you are using, you will likely have a choice of how long that password should be. As you don’t need to remember it, you may as well go as long as possible because longer most definitely is better in this context.
Also, as an aside, your password manager can fill in other information beyond the standard login credentials, including populating web forms with your name, address, email address, etc., as well as other types of data in a secure form, i.e. credit card numbers and secure notes.
Password managers can also help prevent phishing by matching up your data to a specific website – if you land on what you think is your bank’s website but no information is automatically entered into the web form, it may well be an indicator that you are not where you think you are (check the URL for https and any misspellings).
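The matching described above, sketched as an added example (not code from this article or from any real password manager). It assumes logins are bound to the exact host they were saved on and that fills only happen over https; the vault contents, the hostnames and the 0.8 similarity cutoff are constructed for illustration.

```python
import difflib
from urllib.parse import urlsplit

# Constructed vault: each saved login is keyed by the host it was saved on.
VAULT = {
    "www.examplebank.com": {"username": "alice", "password": "constructed-secret"},
}


def autofill(page_url: str, vault: dict = VAULT):
    """Return (credentials or None, reason) for the page being visited."""
    parts = urlsplit(page_url)
    # .hostname drops any "user@" prefix and the port, so a URL such as
    # https://www.examplebank.com@other.example/ resolves to other.example.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return None, "not https, nothing filled"
    if host in vault:
        return vault[host], "exact host match"
    # Nothing is filled from here on; only explain why the form stayed empty.
    near = difflib.get_close_matches(host, list(vault), n=1, cutoff=0.8)
    if near:
        return None, f"{host} resembles saved site {near[0]}"
    return None, "no saved login for this host"


if __name__ == "__main__":
    for url in (
        "https://www.examplebank.com/login",
        "http://www.examplebank.com/login",
        "https://www.examp1ebank.com/login",
        "https://www.examplebank.com@other.example/login",
        "https://www.examplebank.com.other.example/login",
    ):
        creds, reason = autofill(url)
        print("FILL " if creds else "EMPTY", url, "->", reason)
```
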
Getting started with a password manager
Most paid password managers are easy to set up. Some of the free, open source password managers take a little more work. You can check out our password manager guides for help getting started. Once installed, password managers tend to be remarkably easy to use.
The only tricky decision you are likely to face comes in the form of choosing your master password. Tip: See our guide here on choosing and remembering a strong password.
Beyond that, you’ll find the software will make your life much simpler, though you may now be tempted to go ahead and change all your existing passwords to something more complex (and that’s not a bad idea), especially if you choose to go with one of the password managers which nags you to do just that wherever it spots a short, weak or reused login credential among your collection.
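The kind of check behind those reminders, as an added example (not code from this article or from any specific product). It flags the three problems named above: short, weak and reused passwords. The sample vault is constructed, the 12-character minimum is an assumed threshold, and the weak list holds only the four staples quoted earlier in this article.

```python
from collections import defaultdict

# The staples quoted in this article; a real audit would use a far longer list.
COMMON = {"password", "123456", "letmein", "qwertyuiop"}
MIN_LENGTH = 12  # assumed threshold for "short"

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "mail.example": "letmein",
    "shop.example": "Tr0ub4dor&3-horse-staple",
    "forum.example": "Tr0ub4dor&3-horse-staple",
    "bank.example": "x9$Lq!vR2m#Zp7Wc",
}


def audit(vault: dict) -> dict:
    """Map each site to the list of problems found with its password."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)

    report = {}
    for site, password in vault.items():
        problems = []
        if password.lower() in COMMON:
            problems.append("common")
        if len(password) < MIN_LENGTH:
            problems.append("short")
        if len(sites_by_password[password]) > 1:
            problems.append("reused")
        if problems:
            report[site] = problems
    return report


if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(problems)}")
```
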
Recommended password managers
When it comes to choosing a password manager there is no universal favourite or "correct" solution – they all have their pros and cons, some are free, some you need to pay for, some are easy to install and others require at least some degree of technical knowledge to get the most out of them.
That’s why we at Comparitech are running a series of how-to guides and password manager reviews – we’ll examine all the major offerings and determine who they are most suited to and whether the non-free ones are worth the asking price.
We’ll also show you how to install them and tell you what you need to know to get up and running.