Passwords remain a problem even for tech-conscious consumers. In an F-Secure poll, 43% of respondents report using the same password for more than one important account – a big no-no for proper password hygiene.
58% of poll respondents have over 20 password-protected online accounts or simply too many too keep track of. 27% have between 11 and 20 password-protected accounts and 15% have under 10. But even with so many accounts, just 40% use a password manager to keep track of them.
Encouragingly, 57% of poll respondents changed passwords after hearing about Heartbleed. Of poor password habits, the most common was using the name of a family member. The next most common poor password habit was using a pet name, and then using generic passwords like “Password” or “123456.”
Post-Heartbleed, it’s especially important to pay some attention to passwords. But getting all one’s passwords in order – setting a unique, strong password for each individual account – can seem like too big a job, which is why many aren’t doing it.
There’s a lot of advice out there on how to generate and manage passwords. What’s the average person to do? Sean Sullivan, Security Advisor at F-Secure shares the one fundamental tip that everyone should remember: “Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong.”
Sullivan’s advice takes into account the fact that many people have accounts for services where little personal information is stored. “If you created an account for some website and there’s hardly anything more in there than your username and password, then that’s probably not a critical account,” he says. “But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don’t have time or inclination to tackle everything, at least take care of those.”
A prime example of a critical account is an email account that is used as the point of contact for password resets on other accounts. For these “master key” accounts, it’s a good idea to activate two-factor authentication if available.
But how to protect those critical accounts? Use a secure password manager which stores passwords, usernames and other credentials so you can access them through one master password.