SoylentNews is people

posted by mrpg on Friday June 18 2021, @09:00AM
from the 00aa23e67f100945c87d19e4012f dept.

WSJ: What Keeps People From Using Password Managers?

No pay wall: https://archive.is/HCtcT

Many of us are vulnerable to hackers and eager to secure our online accounts, but lots of us also refuse to use an obvious solution: password managers.

Why? Our research has found that the typical reassurances and promises about password managers just don’t work. Fortunately, our research also suggests there are strategies that can persuade people to get past the psychological barriers and keep their data safe.

[...] In a study I conducted with my Ph.D. student Norah Alkaldi, we found that the two most common methods of persuasion were ineffective in getting people to adopt password managers. The first is the “push” approach—the idea that by showing people the dangers of using simple passwords, recording passwords on their computer or using the same passwords at different sites, we would push them to adopt a safer approach. Users, we found, don’t respond to the push strategy.

[...] The other, “pull,” approach—focusing on the positives of password managers—didn’t deliver any better results.

[...] We discovered two types of “mooring factors” that keep people from changing their behavior.

[...] First, there was the effort required to enter all your passwords into the password manager.

[...] People also fear they will lose all their passwords if they forget their master password.


  • (Score: 5, Insightful) by Anonymous Coward on Friday June 18 2021, @10:14AM (3 children)

    Yep. Can't use a password manager from anywhere except where you have it installed. If it breaks, you're hosed. If they're only stored locally, you can lose them all if your computer dies. If they're stored remotely, a data breach will reveal all your passwords. If stored remotely but encrypted with your master password, forgetting the master password locks you out.

    Password managers just aren't a solution. They solve some problems and cause others. They are probably better in corporate environments where you can go to IT and have them fix everything when the password manager fails, as opposed to personal use where you have to chase down 1000 different systems yourself.

    The psychological resistance comes from "thing under my control" (remember passwords) vs "thing not under my control" (password manager). Even if the thing not under your control is better on average, people don't want it. It is a little like self driving cars, lots of people just don't want them, period.

    Everyone requiring stupid passwords that can't be remembered just makes everything worse. xkcd passwords are easier, but still probably would be forgotten if used rarely.

    I'm a big fan of "log in with X service" - sure, it sucks to have more things depending on Google or Facebook, but it reduces the number of passwords and for most stuff it's completely adequate security - even the privacy is better than you'd expect.

  • (Score: 0) by Anonymous Coward on Friday June 18 2021, @10:49AM (1 child)

    And if you keep it locally and/or on removable media and/or remotely you have to keep them all synced.

  • (Score: 0) by Anonymous Coward on Friday June 18 2021, @05:30PM

    You have a lot of good points. I use a password manager, though.

    I only use passwords on my computer at home, never on a mobile phone. If my computer breaks, that's why I have daily, monthly, and semi-yearly backups on separate USB hard drives stored in different locations. I store my passwords locally only, so I only have to worry about someone breaking into my computer, not some server somewhere. I've remembered my master password for many years now, and it's really in muscle memory by now.

    The point is, for my use case a password manager is a good balance between risk and reward. My email does indeed show up on haveibeenpwned as part of several sites' data breaches, but the only thing I've lost thus far is that site's password... which I just change, because it's not used anywhere else so can't be used anywhere else.

    As for "log in with x" services, I will never knowingly use anything from Google or Facebook (I even block google fonts). They are simply evil and anyone who trusts them is mad, IMHO.