Don’t Give Up Your Password Manager Yet
The end of the password is in sight, but until then using a password manager is the best security decision you can make.
World Password Day, aka May 5th, has come and gone. Since I am no longer the Editor-in-Chief of PCMag.com, I chose to celebrate Cinco de Mayo instead. And yet, I do feel the need to say a few words about passwords. In a world populated by the NSA, FSB, Facebook, Google, and Face…er, Meta, there remains one security threat that trumps them all: people choose dumb passwords.
The “worst password list” is a mainstay of tech journalism, usually served reheated on World Password Day. The fascinating thing about the list is that, year after year, it doesn’t change much. There are a few pop-culture references that creep in, but it is pretty static. Lookout’s 2022 list looks like this:
123456
123456789
qwerty
password
12345
12345678
111111
1234567
123123
qwerty123
So, yeah. We suck at creating passwords.
And we are not getting any better. Here is 2021’s list:
123456
123456789
12345
qwerty
password
12345678
111111
123123
1234567890
1234567
And here is a similar survey from 2012 done by TeamPassword:
password
123456
12345678
abc123
qwerty
monkey
letmein
dragon
111111
baseball
We. Just. Don’t. Learn.
I made my first secure password when I was 23. I know this because I used the number 23 in my password, along with the first letters of a punk song only me and the band members recall. Easily remembered alphanumeric gibberish. It was solid. For 1996.
Of course, I started using it on multiple sites. Dumb, but kind of inevitable. How many passwords can one person remember? I think that password survived until one of the Yahoo breaches.
I now have 476 passwords.
I know this because they are all locked in an encrypted vault on LastPass. I need to remember one password to access them. On my phone, I use my fingerprint. They are safe because 1) I didn’t create them, and 2) I don’t actually know what they are. There are glitches, of course. Some accounts have multiple passwords. And I fall down the password reset rabbit hole like everyone else, particularly when using a new device. Even so, using a password manager like LastPass is the best thing you can do for your personal security.
And if you have a business, using a password manager to control access to your critical systems is even more essential. IT tries, but almost every employee who leaves a company retains access to critical internal systems.
Help is on the way. Just last week, again on World Password Day, Apple, Google, and Microsoft announced a joint effort to eliminate the password.
The tech giants are teaming up with the FIDO Alliance to build a universal sign-in protocol. Instead of entering your favorite password, you will open the app on your phone and get a credentialed passkey. FIDO support itself isn’t new, but it requires you to enroll each account individually. When the new standards roll out, you will be able to seamlessly use one log-in for Android, Chrome, Edge, Windows, macOS, and iOS. The fact that these tech giants are teaming up is a great thing, but the solutions won't roll out until next year at the earliest.
This is a huge step forward, but the best thing you can do now is to use a password manager. I’m locked into LastPass, but PCMag’s Kim Key prefers Keeper these days. If you are starting from scratch, that is probably the place to do it.
Don't give up your password manager yet.
Today’s Bits
Apple's Director of Machine Learning Resigns Due to Return to Office Work
Meta Plots Ambitious VR Release Schedule of Four Headsets by 2024
Google makes $100,000 worth of tech training free to every U.S. business
MetaMachined
I’m on the road this week. Nashville today, L.A. later this week. Tonight, I will be at the inaugural Osiris Live show. The event is sold out, but you can watch the live stream here. It is a great opportunity to support musicians who got slammed during the pandemic shutdown (plus, it will be a great show).