Passwords are annoying. We are constantly being told to keep complex passwords, to memorise them, and not to reuse them in different applications. That’s becoming a joke, because it’s asking the impossible. More so now as we become increasingly dependent on digital applications.
So, most of us end up keeping simple passwords. We reuse them. And, if we do keep complex passwords, we definitely note down all user IDs and passwords on a spreadsheet, or a piece of paper.
For organisations, this is actually a big risk. As Vikas Malhotra, head of enterprise business at LogMeIn, the Boston-based remote connectivity services company, said at the Times Techies Webinar last week, 85% of cybersecurity breaches involve a human element, and 61% of breaches involve compromised credentials (user ID, password). The data is from a recent study by Verizon.
So what should we do? A powerful tool that has emerged to address this password minefield is the password manager. Some browsers have one too. LogMeIn has one called LastPass, which comes as both a browser plugin and a mobile app.
“The moment I create an account with a random, complex password, LastPass will pop up and say, ‘do you want me to remember this’. If I say, ‘remember’, then it will store it. And the next time I go to use the application, LastPass will offer the option to automatically fill in the login and password,” says Malhotra.
Alternatively, you can go to the LastPass website, log in with a master password, and that opens a vault, from where you can open your bank account, your email, and every app.
So, all you need to remember is the master password. That should be a complex one, which you should try to memorise. It could also be backed up with a biometric sign-on.
Abhimanyu Saxena, co-founder of InterviewBit and Scaler Academy, says the passwords stored in password managers are encrypted, and so it’s almost impossible to hack into them. “A big defence line for cybersecurity is having passwords that hackers cannot predict. And password managers are a great way to handle such passwords,” he said.
Layman’s advice. Don’t store passwords online. Better write them in a small diary with some internal coding and keep the same secure.