Passwords user types

Wouter, co-founder @ Chiff

Since the beginning of the Internet, passwords and usernames have been the default authentication method. We all have many accounts for social media, webshops and email services. On average, we have over 35 accounts per person. Everyone has developed their own way of managing their accounts over the years. In this blog post, we present six methods people use to remember their credentials and how secure each type is. Which user type fits you best?

1. One password for all websites

Of course, this is the easiest method. People use the same password for each website over and over again. Unfortunately, this is very insecure, even if you use a very complex one. Every now and then a website's database gets breached, resulting in major data leaks. On the website HaveIBeenPwned, all known data breaches have been collected. You can securely check whether your password has been exposed. Hackers collect these username/password combinations in dictionaries and try them out on other websites as well. Thus, if you use the same combination elsewhere on the Internet, you're at much greater risk of hackers taking over your account.
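How such a check can stay secure, as an added example that is not Chiff's or HaveIBeenPwned's own code: the Pwned Passwords range endpoint accepts only the first five characters of the password's SHA-1 hash and returns every known suffix for that prefix, so the comparison happens on your own machine. The function names are hypothetical, and `constructed_fetch` returns a constructed response with made-up counts so the example runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, body):
    """Find our suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padding entries carry a count of 0
    return 0


def fetch_range(prefix):
    """Network lookup: only the 5-character hash prefix leaves the machine."""
    request = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "added-example"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def exposure_count(password, fetch=fetch_range):
    """Number of times the password appears in known breaches (0 = not found)."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))


def constructed_fetch(prefix):
    """Offline stand-in: a constructed response body with made-up counts."""
    _, leaked = split_hash("password")
    _, padded = split_hash("padding-entry")
    return f"{'0' * 35}:3\r\n{leaked}:1234\r\n{padded}:0\r\n"


if __name__ == "__main__":
    for candidate in ("password", "a-unique-passphrase"):
        print(candidate, exposure_count(candidate, fetch=constructed_fetch))
```

Calling `exposure_count(password)` without the `fetch` argument performs the real lookup over the network.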

2. +/- 3 passwords, categorized per website

Many people use multiple passwords that vary per website category. For important services like banking, email and social media, they use the same complex password. Then, for webshops and gaming accounts, for instance, they use another, easier password. And maybe they have a fallback password which they use if a password needs to be changed after a certain period. Although this is more secure than reusing the same password every time, the same problem occurs. Reusing passwords is never a safe idea!

3. One basic password varying per website

Another strategy many people use is a basic password which is altered per website according to a certain logic. For example, you can append the color of the website's logo to the password. You can also add the domain or the purpose you use it for. This strategy is more secure because you don't immediately risk a dictionary attack once a website has been breached. Therefore, scripts won't succeed in taking over your accounts on other websites. However, a human could understand your logic and try to compromise your accounts elsewhere. Ideally, you would have complex passwords that have nothing to do with the website or account itself.

4. Unique passwords stored offline

The last three user types all focus on unique/complex passwords. However, the problem is: how do you remember them? This is practically impossible, so some people decide to write them down offline. They keep a note in their wallet or a booklet somewhere safe, in which all combinations are written down. This feels rather secure, because someone needs to break into your personal stuff in order to hack you, but if they succeed or you lose the note, all your credentials are gone. Besides, there are some usability issues, since you always need to carry the note or booklet with you. And if you change your passwords, you must change them in your note(book) as well, which can get very messy after some time.

5. Unique passwords stored unencrypted on your computer

Some people also decide to store their passwords unencrypted on their computer, which is very insecure! If someone has access to your computer, they immediately have access to all your accounts as well. Saving your passwords in a file called 'miscellaneous' or 'holiday plans' may sound smart, but hackers can search your computer very fast and will eventually still find the secrets. You can compare this strategy with a hidden box in your garden, which everyone could open if they find it. You wouldn't keep your secrets in such a box, right?

6. Unique passwords stored encrypted on your computer

The best way to store your unique and complex passwords is to save them encrypted. To do so, you can encrypt the password file yourself, or you could use a password manager. You can compare this with a safe, of which you are the only one with the key to unlock it. This is definitely the most secure solution. However, it often suffers from a usability point of view. For instance, you need to manually copy and paste the passwords, it doesn't easily synchronize between your devices, or you still need to remember one complex password.

Conclusion

So, which type of user are you? Of course, it's possible that you recognize yourself in a combination of user types. According to a little research we did, most people are of type 2, followed by type 3. We've found that people make a trade-off between security and usability, mostly based on their personal preferences. Do you value security more than usability?

If you have any additional questions or remarks regarding this post, feel free to drop us an email. We're happy to talk to you!
