Passwords should be safe – we all know that. But how can we achieve it? My opinion is: today, there is no way to find a satisfying solution. I will explain why and try to find solutions from a user's perspective.
How people handle passwords
Which passwords do you use on the internet? Would you consider them to be safe? While talking with people, I get the impression that there are mainly three categories of how people deal with that problem:
- People who do not care at all. Their main goal is to remember the passwords. Often used are passwords like “qwerty”, “123456”, “password” or the name of the pet (or wife/husband). The password is the same on each login page on the internet.
- People who make a science out of it. They use different passwords for each login and choose passwords with maximum security (a mixture of letters, capitals, numbers and special characters). Those can only be stored in password safes, because nobody can remember them anymore. (A password safe is an encrypted piece of software that keeps lots of passwords together with information such as username, URL, etc. Usually you just need to remember one single password to unlock it.)
- People using mainly one password which is hard to guess, like sentences with some replaced characters (e.g. “n0b0Dyc4Nr3aDTh!s”).