SoylentNews is people

posted by martyb on Tuesday May 26 2020, @04:02AM
from the convenience-vs-security dept.

Arthur T Knackerbracket has found the following story:

Even seeing data breaches in the news, more than half of consumers are still reusing passwords.

More than half of people haven't changed their password in the last year – even after they've heard about a data breach in the news.

That’s according to a recent survey, “Psychology of Passwords: The Online Behavior That’s Putting You At Risk,” that examined the online security and password behaviors of 3,250 global respondents – and found that people still employ an alarming number of very common and very risky habits, even though they know better.

Researchers said that password reuse was the biggest security faux pas being committed by respondents. In fact, password reuse has actually gotten worse over the years: When asked how frequently they use the same password or a variation, 66 percent answered “always” or “mostly” – which is up 8 percent from the same survey in 2018.

Worse, 91 percent of respondents said they know using the same (or a variation of the same) password is a risk. They still do so anyways.

“Our survey shows that most people believe they are knowledgeable about the risks of poor password security; however, they are not using that knowledge to protect themselves from cyber threats,” said researchers with LastPass by LogMeIn, in a recent report.

[...] “People seem to be numb to the threats that weak passwords pose,” said researchers. “Technology like biometrics is making it easier for them to avoid text passwords all together and many people are simply comfortable using the ‘forgot password’ link whenever they get locked out of their accounts.”


  • (Score: 2) by NotSanguine on Tuesday May 26 2020, @02:21PM (3 children)

    you need to use a sequence referenced to some real world sequence.

    Exactly. A real world sequence like a song lyric. Two of which (Yellow Submarine [youtube.com] and What I Am [youtube.com]) I used in my examples.

    In fact, song lyrics are ideal as a basis for such password phrases. We tend to remember them more easily than other forms of language [psychologytoday.com], as research confirms [phys.org].

    I can't tell you exactly how many songs to which I know at least some of the lyrics, but there are enough for me to waste them giving examples to you and still have way more than I would ever need to use, modified, as passwords.

    Here's one just about everyone knows:
    "Dashing through the snow, in a one-horse open sleigh" can become "Sniffing all the blow, off a golden metal tray"

    And since the lyric itself is quite memorable, as long as you keep the same rhyme/rhythm scheme with your modified phrase, it's easy to remember. Once the *modified phrase* is associated with the melody, Bob's your uncle, Fanny's your granny.

    What's more, as you continue to use it, the association becomes *stronger*.

    Note that, as mentioned in the links above, the auditory cortex is most responsible for storing lyrics along with the melodies, remembering such stuff is much, much easier than trying to use something like "Four score and seven years ago, our forefathers brought forth a new nation."

    I suspect that many (if not most) folks could do the same with the songs they know. Which solves the password problem pretty completely.

    Just for fun, here's a few more:
    "Can you give me sanctuary, I must find a place to hide" becomes "Can you give me a sack of cherries, I must eat them all today" (The Soft Parade [youtube.com])

    "I see a red door and I want to paint it black" becomes "I feed a dead sort and want to take it back" (Paint it Black [youtube.com]). As you can see, the modified lyric doesn't even need to make sense.

    Assuming you enjoy music, I'm sure you can come up with dozens, if not hundreds, of these. If that doesn't work for you (have you even tried, or are you just rejecting the idea out of hand?), there's always LastPass [lastpass.com], KeePass [keepass.info] or a Sharpie on the inside of your eyelids.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 2) by Barenflimski on Tuesday May 26 2020, @04:04PM (1 child)

    by Barenflimski (6836) on Tuesday May 26 2020, @04:04PM (#999264)

    That is all very interesting for sure. I am impressed that your brain works like that. Mine doesn't. I'd forget all my passwords and be logging onto every site through the "forgot my password" button.

    For instance, I sing songs all of the time to people, but still forget the lyrics to songs I've sung a hundred times before. I've become very good at making up lyrics on the fly though. While that works great for crowds, I can't imagine the password algorithm is going to let me bypass authentication because I'm being witty.

    Lastpass has been my savior. Never a re-used password and no one can force a password from my head as I don't know any of them.

    • (Score: 2) by NotSanguine on Tuesday May 26 2020, @04:23PM

      Fair enough.

      I've been doing this for years and it works for me.

      Note that I don't use that mechanism for all my logins. Only for the ones that *require* really strong passwords (those that could negatively impact me personally or financially).

      I use other mechanisms for less important logins.

      For unimportant ones, I just make something up and use the "forgot password" link if I ever need to log in again.

      I suspect that if you tried* doing this (I believe in you -- so you should too! :) ), you'd be able to remember at least a few, given the special relationship that lyrics have to music and how your brain processes both.

      I say that because remembering someone else's lyric may be difficult for you, but if *you* assign a similar (using the same rhyme/rhythm scheme) lyric and *use* it, remembering it would be much, much easier.

      *They're your credentials and I certainly wouldn't try to tell you what to do with them. That said, it couldn't hurt to try, could it? Not necessarily even using it as a password, just as a thought experiment. Or not.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 1) by DECbot on Tuesday May 26 2020, @05:05PM

    by DECbot (832) on Tuesday May 26 2020, @05:05PM (#999282) Journal

    I like it. I think I'll start with this song:
    Cookie Monster sings [youtube.com]
     
    "C is for Cookie, that's good enough for me" can become "C is for Kernel, that's good enough for me."

    --
    cats~$ sudo chown -R us /home/base