You enter your password: Password
And the website says “the password is too weak”.
You enter another password: 123Password
The website says “the password is still too weak”.
You finally break down and enter a password with punctuation: 123Password?
I mean you managed to get past that annoying “password is too weak” hurdle and you still have a password that you can remember, so win/win, right?
Unfortunately, as with many things in the world of digital security, not only is that not the case, you may have actually made your password easier to hack given the predictability of adding the numbers 123 and a common punctuation mark like a question mark.
When a password rules creator asks users to create a password with uppercase letters, lowercase letters, numbers and a special character they envision a beautifully complex 12 character password like ‘WaK$4j*l9@z5Q’, but in practice users invariably look at their dog sitting next to them on the couch and input ‘1BellaBella!’ and presume they are safe from hacking.
According to industry research, the average user now has almost 100 passwords (up 25% in just the last 4 years) to access everything from shopping sites to subscription services to highly sensitive information like bank and brokerage accounts. In addition to having more passwords, the passwords that users are required to maintain are increasingly complex (gone are the days of ‘123456’). The result of these two trends is a world where 75% of Americans now report being frustrated with all of the passwords in our lives.
The simplest change that most users can adopt to ensure enhanced security is to lengthen and increase the complexity of their passwords through the use of randomized letters, symbols or numbers. This brings us back to square one though – users might have a secure password but creating and tracking 100+ unique and complex passwords will only lead to increased user frustration.
One approach to combat the challenges associated with remembering complex passwords is the idea of a passphrase. A passphrase is a collection of seemingly unrelated words (Rocky_swimmer+Guitar9*saddle) that can have special meaning to the user and are thus much easier to remember. However, given the randomized nature of the characters and their length, passphrases prove to be incredibly difficult for hackers to break.
However, both user-created complex password and passphrases still require the user to play an active role in the creation of the password or passphrase. This is where random password generators and their associated password managers can prove to be useful tools for quickly creating and storing complex passwords.
There are a number of commercially available password managers and password generators that offer services via an annual subscription with prices ranging from free for a barebones service to $35-$60 per year for a complete product. Some of the most feature rich options include biometric authorization (fingerprint and/or Face ID), family sharing, encrypted data storage and even VPN services. An added benefit to the use of password generators is that there is a growing mountain of evidence indicating that it is not necessary to constantly change your passwords, if you have a strong, complex password in the first place.
Companies such as LastPass (www.lastpass.com) and 1Password (www.1password.com) offer password generators and password management across multiple platforms for nominal monthly fees of $3-5 depending upon the number of users. 1Password, in particular, is a popular option for families and travelers as it includes a travel mode which temporarily removes passwords from a device when crossing borders.
Users needing a complete suite of security products along with a password generator and password manager might consider Avast Password (www.avast.com) (OTC:AVASF). Avast offers a wide suite of security tools like malware detection, VPN and a leading antivirus program so utilizing their password management tools is fairly easy for users who are already familiar with their products.
Finally, there is the option of utilizing built-in tools in your web browser to generate passwords and manage those passwords. Google’s chrome (NASDAQ:GOOG), Apple’s Safari (NASDAQ:AAPL) and Microsoft’s Edge (NASDAQ:MSFT) all offer basic password generators and password management tools. The limitation to this approach is a lack of password sharing and access to passwords is really limited to the browser environment, but it is a low-cost option and the tools likely exist in the browser you are currently using.
Passwords are a necessary component of our digital lives and until the next generation of security tools are more widely adopted, the best approach is to utilize a long, complex password which can be generated automatically and stored in a password manager. User education about the different password tools available seems to be the best approach to reduce user frustration and improve password security for all.
DISCLOSURE: Zacks SCR has received compensation from the issuer directly, from an investment manager, or from an investor relations consulting firm, engaged by the issuer, for providing research coverage for a period of no less than one year. Research articles, as seen here, are part of the service Zacks SCR provides and Zacks SCR receives quarterly payments totaling a maximum fee of up to $40,000 annually for these services provided to or regarding the issuer. Full Disclaimer HERE.