Password Management: Why the Cybersecurity Community is Sending the Wrong Message to Consumers
In recent months, the password manager industry has taken a significant cyber hit. In December 2022, one of the world’s most popular password managers, LastPass, notified its customers of a massive breach that exposed customer data and put their password vaults at risk if weak passwords were used.
Less than a month later, Norton LifeLock alerted its customers to a data breach of Norton Password Manager. Usernames, passwords, and personal information had been compromised.
And just today, one of four LastPass employees with corporate vault access were targeted on their home computer, resulting in the entire company vault being taken.
How did it come to this? How did the cybersecurity community – and the companies we trust with our digital crown jewels – mess up password management, safes, and vaults?
Cyber security experts have consistently emphasized the importance of storing all passwords in a password safe to boost personal online security.
Why are consumers being told it’s that simple? In my opinion, it’s the wrong message entirely.
A “boil the ocean” approach is misleading
A better approach to personal cybersecurity is for consumers to steadily increase their cybersecurity posture year-over-year. Like losing weight or getting in shape, it’s a marathon not a sprint. With this mindset, their security habits and practices improve over time.
In my opinion, here’s what the cybersecurity community should be preaching:
- Passwords are tough to manage. We recognize that.
- Instead of trying to secure every password, focus on the top 10 passwords/websites and protect just those with a password vault. Think banking/credit card, email, healthcare, and social media websites – and nothing more. Store these credentials in a password safe.
- Establish multi-factor authentication, such as selecting to receive a text message to confirm your identity, each time you log-in to key websites.
It’s that simple. No need to boil the ocean. No need to store credentials for 300 websites and waste time importing them into a password manager. Instead, consumers ought to protect their digital life only where they know it will create a huge problem if these sites are hacked.
The goal is to get from 5% secure to 80% secure. That’s a delta of 75 points – huge! Then keep building on that over time. Don’t create messaging that prompts consumers to go straight to 80% secure or they will do what most people do 3 months after a New Year’s resolution . . . nothing at all.
Focus on what matters most
It is time for the cyber community to start giving consumers (who don’t live, breathe, and eat this stuff every day like we do) some advice on how to build personal digital peace of mind.
One Oreo cookie a week isn’t going to mess with weight loss, and taking a walk around the block twice a day is a step in the right direction. The same is true for cybersecurity hygiene. Focus on what matters most and keep improving.
Get true peace of mind
If you’re an executive or board member and are looking for true peace of mind, click here to speak with a BlackCloak representative about implementing a personal cybersecurity and digital privacy protection strategy that protects your life online.