The majority of American adults have fallen victim to some type of data theft or fraud at least once, but despite their experiences and voiced concerns many do not follow digital security best practices in their personal lives. Instead, the trend is to prefer access at any time and from anywhere, not just from PCs and laptops but also from mobile devices. Users want the same convenience and flexibility that they enjoy on smart devices.
Online Accounts Involve Sensitive Data
Nearly two-thirds of Americans have an online account involving health, finance, or other sensitive data, according to research conducted by Pew Research. More to the point, 72% of internet users in the U.S. have experienced at least some form of account breach, nearly half of Americans aged between 30 and 64 have noticed fraudulent charges on their credit cards, and about one in five have received notices that their social security number was compromised.
Although data breaches have had some effect on internet users’ behavior, the majority still do not follow the best practices recommended by security experts to protect their data. These recommended steps are:
- Use strong passwords.
- Use a unique password for every account.
- Use two-factor authentication when available.
- Shut down and unlink services you don’t use.
- Lie in response to security questions.
- Change the default passwords for connected devices.
- Track security breaches and change your password if a service you have registered for was hacked.
Why the Need for Authentication?
Password security is still the most widely used method of authentication. A strong password policy makes all your passwords stronger, because without one end users would rather create passwords that have a personal meaning to them and are easier to remember. For example, they will often combine words such as the names of their children, spouses, or pets with easy-to-guess numbers such as birthdays, phone numbers, and addresses. These practices make guessing a password easy.
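One way a password policy can reject the choices described above, as an added example that is not part of the original article. The function names, the 12-character minimum and the sample profile are assumptions made for illustration.

```python
from datetime import date

# Undo common letter substitutions before matching names (constructed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

def personal_tokens(names, dates):
    """Lowercase strings tied to the user: names plus common renderings of each date."""
    tokens = {n.lower() for n in names if len(n) >= 3}
    for d in dates:
        yyyy, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
        mm, dd = f"{d.month:02d}", f"{d.day:02d}"
        tokens |= {yyyy, mm + dd, dd + mm, dd + mm + yyyy, mm + dd + yyyy, yy + mm + dd}
    return tokens

def personal_hits(password, tokens):
    """Return the sorted tokens found in the password, with or without substitutions."""
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET))
    return sorted(t for t in tokens if any(t in c for c in candidates))

def check_password(password, tokens, min_length=12):
    """Return a list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < min_length:  # assumed minimum, adjust to the policy in force
        problems.append(f"shorter than {min_length} characters")
    hits = personal_hits(password, tokens)
    if hits:
        problems.append("built from personal data: " + ", ".join(hits))
    return problems

# Constructed sample profile: a pet's name, a child's name and a birthday.
TOKENS = personal_tokens(["Rex", "Emily"], [date(2011, 6, 14)])

if __name__ == "__main__":
    for candidate in ("Emily2011!", "R3x!14062011", "copper-lantern-orbit-78"):
        print(candidate, "->", check_password(candidate, TOKENS) or "accepted")
```

Note that the second sample meets the length rule and mixes character classes, yet is still rejected because every part of it comes from the user's profile.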
The username and password – which together equate to authentication – play an important role in the security framework, helping it to achieve its objectives:
- To prove the identity of the rightful user and allow access.
- To assure data integrity and only allow changes to be made by an authorized person.
- To ensure confidentiality and prevent access by third parties.
- To provide non-repudiation, so that the rightful user cannot deny their actions.
Convenience vs Security
Imagine the internet is an office building. A nonexistent security policy will give access to the building to anyone – essentially there are no locked doors. A highly secure office building would require authentication at the entrance and screening throughout your movement within the building, limiting access to only the offices to which you have the keys.
Of course, this metaphor allows for the shuffling of the number and types of locks, but you get the idea. The acceptable balance is somewhere in between: authentication at the check-in and nothing further; hence the popularity of single sign-on services. But those services are still protected by a simple password and (in the best-case scenario) two-factor authentication.
Striking a Balance Using a Password Manager
In light of all this, if sensitive data is protected only by a weak password, then that’s essentially equivalent to giving the keys to your home directly to a hacker – just think about the available password crackers and how fast they can discover passwords.
For some adult American internet users, managing passwords is a challenge, with 30% worrying about the overall security of their online passwords. A quarter say that they use a less secure password because that’s how they can remember it, according to the Pew Research study. Some individuals are more likely to keep track of their passwords by writing them down on a piece of paper, which is equally risky.
Considering that the majority of American internet users keep track of passwords in their heads, it’s clear where the problem is. The brain has its limitations when it comes to password management, so the convenience of re-using a ‘once strong’ password is the pattern that they seem to follow.
A password manager solves the problem in two ways: first, it becomes the central hub where all passwords are stored. Second, since it is available on all major platforms, it gives the user one-click access no matter which account they wish to access or from where. That’s both convenient and secure.
Best Password Managers of 2018