WSJ: What Keeps People From Using Password Managers?
No paywall: https://archive.is/HCtcT
Many of us are vulnerable to hackers and eager to secure our online accounts, but lots of us also refuse to use an obvious solution: password managers.
Why? Our research has found that the typical reassurances and promises about password managers just don’t work. Fortunately, our research also suggests there are strategies that can persuade people to get past the psychological barriers and keep their data safe.
[...] In a study I conducted with my Ph.D. student Norah Alkaldi, we found that the two most common methods of persuasion were ineffective in getting people to adopt password managers. The first is the “push” approach—the idea that by showing people the dangers of using simple passwords, recording passwords on their computer or using the same passwords at different sites, we would push them to adopt a safer approach. Users, we found, don’t respond to the push strategy.
[...] The other, “pull,” approach—focusing on the positives of password managers—didn’t deliver any better results.
[...] We discovered two types of “mooring factors” that keep people from changing their behavior.
[...] First, there was the effort required to enter all your passwords into the password manager.
[...] People also fear they will lose all their passwords if they forget their master password.
(Score: 4, Insightful) by throckmorten on Friday June 18 2021, @01:20PM (9 children)
Still waiting for someone to explain what's wrong with writing them on a piece of paper.
It's fundamentally no different than a password manager, suffers from the same downsides (theft, loss, ability to be compromised, etc.) and it's a lot easier to use.
(Score: 2) by helel on Friday June 18 2021, @02:22PM (1 child)
From a certain point of view the lack of a subscription fee would be a serious flaw...
I think writing down passwords gets a bad rap because of the post-it note on the monitor at work. Lots of (older) people have used written passwords and then left them visible in public spaces making the entire idea seem bad when in truth it's perfectly secure in your own private space.
Republican Patriotism [youtube.com]
(Score: 0) by Anonymous Coward on Sunday June 20 2021, @03:32PM
It has a bad rap because it's easy to lose the sheet, hard to back up, gives them all of your passwords and limits the length and type of passwords. It fails on just about every level other than being remotely accessible.
Really, the right thing would be for the people running the sites to be held accountable for not allowing proper 2FA like FIDO or the like along with secure passwords. I've encountered far too many sites that either don't authenticate the passwords as they're being set or just silently truncate to fit the character limit. And don't even get me started on character limits, there should never be a maximum character limit.
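The silent-truncation failure mentioned in the comment above, shown as an added Python example (not code from this thread or from any site discussed). `LEGACY_MAX_LEN`, the function names and the sample passwords are constructed for illustration, and PBKDF2 stands in for whatever password hash a site actually uses.

```python
import hashlib
import hmac
import os

LEGACY_MAX_LEN = 16      # hypothetical site limit, constructed for this demo
PBKDF2_ROUNDS = 200_000  # demo value; tune to current guidance in production


def _derive(password: str, salt: bytes) -> bytes:
    # The digest is fixed-size no matter how long the input is.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def set_password_truncating(password: str) -> tuple:
    """Weak pattern: silently cut the input to the limit before hashing."""
    salt = os.urandom(16)
    return salt, _derive(password[:LEGACY_MAX_LEN], salt)


def verify_truncating(password: str, record: tuple) -> bool:
    salt, stored = record
    return hmac.compare_digest(stored, _derive(password[:LEGACY_MAX_LEN], salt))


def set_password_full(password: str) -> tuple:
    """Hardened pattern: hash every character the user typed."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def verify_full(password: str, record: tuple) -> bool:
    salt, stored = record
    return hmac.compare_digest(stored, _derive(password, salt))


def silently_truncates(setter, verifier) -> bool:
    """Self-test for your own auth code: set a long probe password, then
    try to log in with only the LAST character changed. If that succeeds,
    the tail of the password is being discarded somewhere."""
    probe = "x" * 255 + "A"
    altered = "x" * 255 + "B"
    return verifier(altered, setter(probe))


if __name__ == "__main__":
    print("truncating handler:", silently_truncates(set_password_truncating, verify_truncating))
    print("full-length handler:", silently_truncates(set_password_full, verify_full))
```

A plain "set it, then log in with the same string" check passes on the truncating handler too, which is why the probe changes only the final character.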
(Score: 2) by Freeman on Friday June 18 2021, @03:35PM (1 child)
Writing down your passwords is actually more secure in some ways as a random hacker on the internet has no way to see your notes. In the event that someone has physical access to your house / machine, you've already lost anyway. Still, it's pretty stupid to write down your password in a public work space, or even a "private" work space that is shared with your colleagues.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Sunday June 20 2021, @03:35PM
My password manager isn't accessible via the internet without me personally handing the encrypted database to a 3rd party. A cracker is not going to randomly break into my computer hoping to then break into my password database, that's far more work than compromising the sites I use or phishing for the credentials.
(Score: 1, Informative) by Anonymous Coward on Friday June 18 2021, @07:47PM (3 children)
The downside to writing passwords on paper is you can't cut and paste them into password prompts. This eliminates the possibility of difficult random string passwords. Nobody has time to squint at paper and flawlessly retype a collection of gibberish.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @09:49PM (2 children)
Really, I hope you're not putting your passwords into paste buffers.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @06:47AM
Really, you should not even touch the keyboard. I saw on Jason Bourne they got the password from how worn out some of the keys were. Noobs.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @06:55AM
If something is reading your paste buffers, your computer is already hopelessly compromised. You already lost.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @02:55AM
It depends on what your threat model is. I have a number of SSH passwords and TOTP tokens written down because what I am protecting them from either won't have access to where they are written or if they do have access to them then they don't matter anyway. The only real downside of writing them down is that it lowers the entropy people use because we still teach people that "$3cUr3?" is better than "A somewhat long (and convoluted) passphrase for SoylentNews that I can remember and transcribe easily, whenever I need to do so!"