How many passwords can you remember? Get ready to remember more


Got too many passwords to remember? Just wait. It's going to get a lot worse.

Average consumers five years from now may face double the demands for passwords, said Emmanuel Schalit, chief executive of Dashlane, a consumer password security company.

Schalit and other experts predict that passwords will explode in further use before they eventually fade, replaced by new technology.

Digital devices in homes are growing more numerous, but Schalit said the real driver behind the steady increase in the need for passwords is the sprawling number of accounts consumers need to obtain public services, interact on healthcare and education websites and deal with retailers.

"The problem is not passwords. The problem is to ask humans to memorize and manage hundreds of them," Schalit said.

Dashlane, headquartered in New York City, estimates that the average American currently has about 200 accounts that require some sort of password identification, and that number will rise to 400 within five years or so.

One expert believes Dashlane's forecast is low.

"I think they are being conservative. I think we will have more," said Tom Galvin, executive director of the Digital Citizens Alliance, a nonprofit focused on internet consumer safety.

Some consumers simply give up at the constant demand for passwords, re-using the same password over and over again, a practice that makes cybersecurity experts cringe. If hackers compromise any single account, they can access a victim's other accounts.

That's why some , big retail outlets and other businesses are moving toward biometric identifiers such as fingerprints, iris and voice scans, and facial recognition tools.

But those identifiers aren't foolproof either.

"Your fingerprints are exposed. Your voice is exposed. The iris of your eye is exposed. ... If your biometric information is stolen, you can't replace it. ... It is compromised forever," Schalit said.

Those dangers were underscored when foreign hackers in 2015 filched about 21.5 million records from the Office of Personnel Management, which is essentially the human resources office for the federal government. Among the records stolen were usernames, passwords, Social Security numbers, and home addresses, but also the detailed, deeply personal information that is included in applications for security clearances, including the contact information for all the applicants' friends and family. Hackers also got away with at least 5.6 million fingerprints. Chinese hackers were later charged in the breach.

The pace of hacks is only quickening. Last month, Marriott International acknowledged that of up to 500 million guests had been lost during a four-year period in which hackers lurked in the Starwood guest reservation system. Secretary of State Mike Pompeo last week confirmed that China was also behind that breach.

Schalit said that because roughly two-thirds of consumers re-use variations of the same password on multiple sites, hundreds of millions of Marriott guests in all likelihood have other accounts that are potentially easy for hackers to compromise.
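An added example, not part of the original article: one way a consumer or a password-manager audit could flag the reuse of password variations described above, by reducing each password to a common stem and grouping accounts that share it. The substitution table, the function names `base_form` and `find_reuse`, and the sample vault are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed table of common look-alike substitutions people use to "vary" a password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password):
    """Reduce a password to the stem its owner would call 'the same one'."""
    lowered = password.lower()
    # Drop the trailing digits/symbols usually appended to satisfy a policy.
    stem = re.sub(r"[^a-z]+$", "", lowered)
    # Undo look-alike substitutions, then discard anything that is not a letter.
    stem = re.sub(r"[^a-z]", "", stem.translate(LEET))
    # Too little stem left (e.g. an all-digit PIN): fall back to exact matching.
    return stem if len(stem) >= 4 else lowered

def find_reuse(vault):
    """Return groups of account names whose passwords share a stem.

    Only account names are returned, so the report itself holds no secrets.
    """
    by_stem = defaultdict(list)
    for account, password in vault.items():
        by_stem[base_form(password)].append(account)
    return sorted(sorted(accts) for accts in by_stem.values() if len(accts) > 1)

# Constructed sample vault; none of these are real credentials.
SAMPLE_VAULT = {
    "mail.example": "Blueberry#1",
    "shop.example": "blueberry2018",
    "bank.example": "Blu3b3rry!",
    "forum.example": "x9$Lq2!vT",
    "hotel.example": "000000",
    "news.example": "000000",
}

if __name__ == "__main__":
    for group in find_reuse(SAMPLE_VAULT):
        print("same or near-identical password on:", ", ".join(group))
```

Every account in a reported group should get its own randomly generated password, since a breach of one site exposes the stem shared by the rest.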

For many consumers, password fatigue set in long ago. Some simply click on "forgot password" on less-used websites and start the process over again.

Then there are those like music impresario Kanye West who opt for the simplest passwords imaginable. During a meeting with President Donald Trump in the Oval Office on Oct. 11, West typed his passcode into his iPhone as television cameras zoomed in. It was "000000." Dashlane dubbed that the worst password blunder of 2018.

Only some 20 million consumers worldwide use password managers offered by companies like LastPass, 1Password, Dashlane, EnPass, LogmeOnce and True Key. In most cases, those services create a unique password for each site a consumer visits and store them in an encrypted repository with a master password. The consumer only has to remember one password.

Andrea L. Limbago, chief social scientist at Virtru, a data protection company in Washington, said passwords are likely to be phased out within a decade.

Passwords today are limited to letters, numbers and symbols, she said, but data scientists are already working on other identifiers.

She said she witnessed a recent demonstration of the use of colors, emojis, videos and images, sometimes in combination, as passwords.

"It worked well. It's not something that's commercially available. But it works," Limbago said.

Future log-in sites may show consumers things like a large palette of colors, she said, and allow them to combine those with other nearly limitless identifiers.

"That's much easier for us as humans to remember versus the super long passwords that are more rigorous and secure but are really, really super hard to use," Limbago said.

In the meantime, though, Galvin said one of the best things consumers can do is to change passwords routinely. If hackers obtain older, obsolete passwords, they will prove useless.

"It's like having an old key to my house. It really doesn't matter," Galvin said.



©2018 McClatchy Washington Bureau
Distributed by Tribune Content Agency, LLC.

Citation: How many passwords can you remember? Get ready to remember more (2018, December 16) retrieved 23 January 2019 from https://techxplore.com/news/2018-12-passwords-ready.html

User comments

Dec 16, 2018
The problem is not the number of passwords we must manage -- though that is a part of the problem. The real problem is that we are forced to use short, easy to hack passwords.
Usually, the password is required to be 8 to 10 characters long with upper and lower case characters, a symbol and a digit. So you get things like Passcode#1. This is not difficult to brute force.

Having a large and unrestricted field would be easier to remember and would be much harder to hack: "Mary likes blueberry pancakes with spaghetti sauce for breakfast." is much harder to hack and is easily remembered.

Dec 17, 2018
Good luck remembering a hundred variants of that! I'm reminded of one of the mazes in the classic Colossal Cave Adventure:

YOU ARE IN A MAZE OF TWISTY LITTLE PASSAGES, ALL DIFFERENT.
YOU ARE IN A LITTLE MAZE OF TWISTING PASSAGES, ALL DIFFERENT.
YOU ARE IN A MAZE OF TWISTING LITTLE PASSAGES, ALL DIFFERENT.
YOU ARE IN A LITTLE MAZE OF TWISTY PASSAGES, ALL DIFFERENT.
YOU ARE IN A TWISTING MAZE OF LITTLE PASSAGES, ALL DIFFERENT.
YOU ARE IN A TWISTING LITTLE MAZE OF PASSAGES, ALL DIFFERENT.
YOU ARE IN A TWISTY LITTLE MAZE OF PASSAGES, ALL DIFFERENT.
YOU ARE IN A TWISTY MAZE OF LITTLE PASSAGES, ALL DIFFERENT.
YOU ARE IN A LITTLE TWISTY MAZE OF PASSAGES, ALL DIFFERENT.
YOU ARE IN A MAZE OF LITTLE TWISTING PASSAGES, ALL DIFFERENT.
YOU ARE IN A MAZE OF LITTLE TWISTY PASSAGES, ALL DIFFERENT.

Dec 17, 2018
I have to keep an encrypted file with all my usernames and passwords now when the passwords are short and easy to hack. I could as easily keep a file with hard to hack passwords.

If you can form unrestricted passwords, you can choose a sentence which has meaning to you for the site you are creating a password for. This can help you remember the password.

Dec 20, 2018
I use Excel and a password generator https://randompas...tor.org/
