I spent much of this, the first day of 2014, updating all my passwords. I should probably perform this task more than once a year, I realize. But I bet I still do this far more regularly than most other folks do.
Even so, I’ve often still violated one of the common rules of password usage – that is, I’ve used the same password across multiple sites. Sure, I had several tiers of passwords: one set for super important financial stuff, one set for super important work stuff, one set for social media, one throwaway password that I used just about everywhere else. Sorta clever, I guess. No actually, pretty sloppy.
I recently purchased 1Password to help me better handle all the various logins for all the various apps I use. (It has a number of features I really like, including a browser add-on to make both username and password entry and password generation easy. This means I don't have to rely on Google to store my passwords in Chrome. Because ugh, who trusts Google these days?!) The end result: now I have a unique, “strong” password for every app and website I use.
What a pain in the ass.
I’ve created hundreds of accounts across hundreds of sites, so even under the best of circumstances, this was bound to be a time-consuming process. It was complicated too by the inconsistency across apps as how the password-changing process worked. (Some asked for the old password, then a new password. Some made you type the new password twice. Some just asked for a new password. Some checked to see if the password was strong. Some checked to see if you'd used the password before. Some made you click the "forgot my password" link.) I also noticed that a number of apps, even though I'd changed my password on their website, didn't ask for updated information when I logged into the app on my phone.
What a mess.
My takeaway: We're only going to see more and more security breaches. And sure, "user error" - old passwords, weak passwords, passwords used repeatedly across multiple sites - will be partially to blame. But it doesn't feel like the tech industry is really doing its part to make password management easy for users either.
Image credits: The Noun Project