WSJ: What Keeps People From Using Password Managers?
No pay wall: https://archive.is/HCtcT
Many of us are vulnerable to hackers and eager to secure our online accounts, but lots of us also refuse to use an obvious solution: password managers.
Why? Our research has found that the typical reassurances and promises about password managers just don’t work. Fortunately, our research also suggests there are strategies that can persuade people to get past the psychological barriers and keep their data safe.
[...] In a study I conducted with my Ph.D. student Norah Alkaldi, we found that the two most common methods of persuasion were ineffective in getting people to adopt password managers. The first is the “push” approach—the idea that by showing people the dangers of using simple passwords, recording passwords on their computer or using the same passwords at different sites, we would push them to adopt a safer approach. Users, we found, don’t respond to the push strategy.
[...] The other, “pull,” approach—focusing on the positives of password managers—didn’t deliver any better results.
[...] We discovered two types of “mooring factors” that keep people from changing their behavior.
[...] First, there was the effort required to enter all your passwords into the password manager.
[...] People also fear they will lose all their passwords if they forget their master password.
(Score: 3, Flamebait) by dltaylor on Friday June 18 2021, @11:13AM (5 children)
Are we emulating the "other" site now, doing market research for a possible product?
All of the listed reasons are, by themselves, sufficient; in aggregate, a full-on condemnation.
The master password is both a single point of failure for security and user access. If cracked, all logins are compromised; if misplaced/forgotten, users can't access their data.
Data entry on the master is a pain, both for the initial set and for updates.
Maybe, if your persuasion is not working, that is a clue that the idea is not strong enough, so you should just quit and work on a different idea.
(Score: 4, Informative) by martyb on Friday June 18 2021, @12:42PM (3 children)
No!
We never have. Period. And I cannot imagine a case where that would even be proposed.
Remember "Buck Feta"?
Further, at the time SoylentNews got started, there was some discussion among staff of possibly offering something like a single static banner advertisement on the main page as a way of financing the site... that discussion lasted for maybe a week or two and was soundly rejected as a possibility.
It was decided that, rather than trying to make a profit and pay staff for their efforts, we would remain a purely volunteer organization and rely entirely on voluntary subscriptions to the site. That's been working for us for 7+ years!
community++ !!!
Wit is intellect, dancing.
(Score: 1, Insightful) by Anonymous Coward on Friday June 18 2021, @01:36PM (2 children)
(Score: 5, Informative) by martyb on Friday June 18 2021, @02:11PM (1 child)
Excellent point.
Except then there comes the hassle of contacting companies to sell the ad space to them, or to sign up with an agency and the need for ongoing communications with them to keep it all up and running. These days, with how ad rates have plummeted and given our site activity level, any income we might receive for static ads would be negligible. Then again, that leads to overhead for people's time to actually operate a "sales function" and tracing sales, and profits, and reporting on taxes, and so on. It is a non-trivial and time-taking effort. Again, the potential income would be marginal compared to the work required to set up and operate a system. And that is ignoring how many ads would be blocked by the community! I know I would block them! Ads were deemed "Not. Worth. It."
Further, by NOT running ads, we retain our actual and perceived independence of the stories we run on the site.
Remember when slashdot seemed to run a story each week about bitcoin? I have no proof, but I do have strong suspicions, that they were mining bitcoin on their servers using spare computes. Think of how many nerds would follow a link and "slashdot (v.)" a site listed in a story. Slashdot had to survive slashdotting *themselves* with their *own* servers being hammered by nerds with high-speed connections. So they had to handle a high peak load... and had computes to spare during "off hours". (Think: nighttime in the US.)
Like I said, I have no proof, but I see too strong a correlation to think otherwise. Thus, their journalistic independence was cast into doubt.
tl;dr: non-trivial overhead, minimal income, and a hit on our perceived and actual independence... seems to me to be not worth it.
Wit is intellect, dancing.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @06:39AM
Not to mention, us AC shitheads would rip it mercilessly. Rightly.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @12:46PM
I have been using PwdHash [github.io] since I first read about it. Judging from the date on the website, that was probably in 2006. It takes the web address and an inputted password and generates a unique hash to use as that site's password. Unfortunately it has not been developed in a number of years, so it is showing its age. In particular, the hashes are intentionally crippled to try and be as universally valid with the terribly restrictive password requirements of the time. I have seen a few other versions of this idea when installing the Android version for use on mobile, but that is a lot of inertia to overcome for me, so I have not checked out if they are any better. I also managed to get locked out of a banking site after their upgrade included a URL migration.
I always try and hijack Password Manager discussions to include password hashing as I believe it to be a much more sensible solution, especially if asinine password restrictions get sorted out (looking at you Android).
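The domain-bound derivation described in the comment above, sketched as an added example (not PwdHash's code and not part of the original post). It substitutes PBKDF2-HMAC-SHA256 for whatever PwdHash uses internally; the function names, URLs and master password are constructed for illustration. It also reproduces the lockout the commenter mentions: when a site moves to a new domain, the derived password changes.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 100_000  # assumed work factor for this sketch


def site_key(url: str) -> str:
    """Reduce a URL to the domain the password is bound to.

    Simplification: keeps the last two host labels, which is wrong for
    suffixes such as co.uk; a real tool would consult the Public Suffix List.
    """
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def site_password(master: str, url: str, length: int = 16) -> str:
    """Derive a per-site password from the master password and the domain."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), site_key(url).encode(), ITERATIONS, dklen=32
    )
    # URL-safe base64 keeps the output typeable; sites with stricter
    # character rules would need an extra mapping step.
    return base64.urlsafe_b64encode(raw).decode()[:length]


def demo() -> dict:
    master = "correct horse battery staple"  # constructed sample value
    return {
        # Same domain, different subdomain and path: same password.
        "login": site_password(master, "https://login.bank.example/signin"),
        "www": site_password(master, "https://www.bank.example/"),
        # Look-alike domain: a different password, so the real one never
        # reaches a page served from the wrong host.
        "lookalike": site_password(master, "https://bank-example.example/signin"),
        # The site migrates to a new domain: the old password can no longer
        # be derived from the new URL, which is the lockout described above.
        "migrated": site_password(master, "https://secure.newbank.example/signin"),
    }


if __name__ == "__main__":
    for label, pw in demo().items():
        print(f"{label:10s} {pw}")
```

Nothing is stored, so there is no vault to lose, but the user has to remember the old domain to recover a password after a migration.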