The Password Is Dead, Long Live The Password!
They just don’t meet the challenge for anything you really want to secure.
Bill Gates, 2004
You will never need a password again.
IBM, predicting five years out in 2011
Passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe.
Eric Grosse, Google, 2015
Passwords are not going away any time soon [1]. If our collective hygiene does not improve, we will all die in fiery apocalyptic digital anarchy, probably. Or not. However, just like hygiene for our bodies, prevention and care are far cheaper and more effective than remediation and recovery.
Managing The Chaos
How many passwords does the average person keep track of? Information regarding password usage is not widely circulated, but if a recent report from LastPass is to be trusted, in 2017 that answer is 191. Assuming we follow good password hygiene and all passwords are at least 8 characters in length (or more!), that’s 1528 total characters. At least. My password manager is configured to generate 64 character passwords by default, which would total 12,224 characters. It goes without saying, but that’s simply too much for one person to remember. The necessity for using a password manager is stronger today than ever before.
So do some research. Find a password manager that looks like a good fit and sign up. Download the browser plugin, the mobile app, and the native app if it’s available. Make it easy to do the right thing.
Wash Behind The Ears
Then, for every re-used password, change that sucker! If possible, only copy and paste passwords from the password manager app/plugin. This makes it practical to use longer passwords. At first, a 64 character password seems impractical, but if it’s never manually typed, does the length matter? At this point the limitation is on the service requiring the password.
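One way to find the re-used passwords mentioned above, as an added example that is not part of the original post: it reads a password manager's CSV export and lists entries that share a password or fall below the 8-character minimum. The column names and sample rows are constructed assumptions, not any particular manager's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 8  # the minimum length the post assumes

# Constructed sample export; the columns (name, username, password) are an
# assumption. Adjust them to match the file your own manager produces.
SAMPLE_EXPORT = """name,username,password
mail,alice,correct-horse-battery-staple
forum,alice,hunter2
shop,alice@example.com,hunter2
bank,alice,Xq9!vT2#
wiki,alice,Hunter2
"""


def audit(export_text, min_length=MIN_LENGTH):
    """Return (reused, short).

    reused: list of entry-name groups that share one password.
    short:  entry names whose password is shorter than min_length.
    """
    by_digest = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row["password"]
        if not password:
            continue  # entry without a stored password, nothing to compare
        # Group on a digest so the report structures never hold plaintext.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(row["name"])
        if len(password) < min_length:
            short.append(row["name"])
    reused = sorted(sorted(names) for names in by_digest.values() if len(names) > 1)
    return reused, sorted(short)


if __name__ == "__main__":
    reused, short = audit(SAMPLE_EXPORT)
    for names in reused:
        print("same password:", ", ".join(names))
    for name in short:
        print(f"shorter than {MIN_LENGTH} characters:", name)
```

Comparison is exact, so `hunter2` and `Hunter2` count as different passwords; both still show up in the short list.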
It is 2018, and the inexorable march of time propels us forward. What other options are there to increase personal security? 2FA is spectacular, ubiquitous, and easy to get started with. Apps are available which provide 2FA, as well as physical security keys. Biometrics, including fingerprint and face scanners, are promising and becoming more mainstream. Any of these options will dramatically increase a user’s defensive posture against attacks.
1. This, apparently, is not a common perception