SoylentNews is people
SoylentNews
WSJ: What Keeps People From Using Password Managers?
No pay wall: https://archive.is/HCtcT
Many of us are vulnerable to hackers and eager to secure our online accounts, but lots of us also refuse to use an obvious solution: password managers.
Why? Our research has found that the typical reassurances and promises about password managers just don’t work. Fortunately, our research also suggests there are strategies that can persuade people to get past the psychological barriers and keep their data safe.
[...] In a study I conducted with my Ph.D. student Norah Alkaldi, we found that the two most common methods of persuasion were ineffective in getting people to adopt password managers. The first is the “push” approach—the idea that by showing people the dangers of using simple passwords, recording passwords on their computer or using the same passwords at different sites, we would push them to adopt a safer approach. Users, we found, don’t respond to the push strategy.
[...] The other, “pull,” approach—focusing on the positives of password managers—didn’t deliver any better results.
[...] We discovered two types of “mooring factors” that keep people from changing their behavior.
[...] First, there was the effort required to enter all your passwords into the password manager.
[...] People also fear they will lose all their passwords if they forget their master password.
(Score: 2) by jdccdevel on Friday June 18 2021, @04:05PM (1 child)
The biggest complaint I have about password managers, as someone who almost never uses them, is they're so aggressive in trying to save a password. Basically anything in a hidden text box gets interpreted as a password, and it's annoying as hell:
- Enter a WiFi Passphrase while configuring a router? Do you want to save that?
- Some other non-login related thing that has a hidden field? Let me save that for you!
- Can't detect a possible username? We'll try to save something anyway!
Also, they're always trying to auto-generate new credentials for me! WTF? I'm setting up a standard login you POS! I don't want your 25 character randomly generated garbage that'll only exist on this particular browser!
Can we please get a standard metadata tag for login forms? At lest then the password manager can stop bugging me every time there's a hidden field in a form FFS!
Also, I've noticed Firefox's password manager is particularly bad at popping up over-top of the box where I'm actually trying to type. Very Annoying!
When I spend so much time telling the thing to GO AWAY, it's hard to think of a case when I'd actually want to use it.
That said, Even if it did work perfectly, all the disadvantages mentioned in other comments still apply:
- It's easy to forget passwords you never use. (I need to log in from a different device, that isn't mine. But I can't because I don't know my password, it's in my password manager on a different PC!)
- Single point of failure. (My HDD Died! Oh NO! Now I lost all of my randomly generated passwords that I'll never be able to recover! I hope I can reset them!)
- Also, they're a massively juicy target for malware. (Compromise dozens of logins all at once, just use an exploit to hack the password manager!)
At least with pen-and-paper, the only exploit available is physical. Keep your passwords on a note in your wallet, and at least you'll be much more likely to know they've been compromised.
It's not as bad as it could be. Single/common sign-on integration has reduced the number of usernames/passwords required in most work environments. Combined with tech like 0-Auth for some websites, that has improved the situation on the web too somewhat.
TL;DR: Annoying when they're not needed. For some situations they are useful, but I'd never use them for anything really important.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @05:53PM
That's why you use a stand-alone password manager program instead of whatever crap the browser provides. Makes life much simpler.