WSJ: What Keeps People From Using Password Managers?
No paywall: https://archive.is/HCtcT
Many of us are vulnerable to hackers and eager to secure our online accounts, but lots of us also refuse to use an obvious solution: password managers.
Why? Our research has found that the typical reassurances and promises about password managers just don’t work. Fortunately, our research also suggests there are strategies that can persuade people to get past the psychological barriers and keep their data safe.
[...] In a study I conducted with my Ph.D. student Norah Alkaldi, we found that the two most common methods of persuasion were ineffective in getting people to adopt password managers. The first is the “push” approach—the idea that by showing people the dangers of using simple passwords, recording passwords on their computer or using the same passwords at different sites, we would push them to adopt a safer approach. Users, we found, don’t respond to the push strategy.
[...] The other, “pull,” approach—focusing on the positives of password managers—didn’t deliver any better results.
[...] We discovered two types of “mooring factors” that keep people from changing their behavior.
[...] First, there was the effort required to enter all your passwords into the password manager.
[...] People also fear they will lose all their passwords if they forget their master password.
(Score: 4, Insightful) by maxwell demon on Friday June 18 2021, @07:35PM (3 children)
This program has undefined behaviour because the main function has no return statement.
The program clearly is C90, as C99 as well as C++ don't allow omitting the return type. In C90, the omitted return type is implicitly int. And while both C99 and C++ generate an implicit return 0 statement in main if no explicit return statement is given, C90 does not do so. And a function with non-void return type that reaches the end of the function without an explicit return statement has undefined behaviour.
In practice, this code will “just” give some arbitrary exit code, and therefore will appear to work as long as you don't use it in well-written shell scripts or batch files that check for errors on their called programs (and it is, of course, possible that it just happens to give the exit code 0 by chance).
It is unlikely, but not completely inconceivable that this program is used by a shell script that will break due to the arbitrary exit code, and do so in a way that is exploitable.
So yes, this program might cause a security vulnerability.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @11:22PM (1 child)
The main function has special treatment even before C99. Even if shell scripts have bugs in the face of an arbitrary integer being returned to the host environment, that is hardly a bug in the code.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @01:20AM
Documentation error, not a bug. Do not rely on the return code.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @01:30AM
Don't invite this guy to your party.