-4

People often use insecure passwords or use secure passwords but struggle to remember them. Password managers seem to provide a nigh perfect solution to this, allowing users to create very secure passwords while preventing them from needing to remember all but one of them. Despite this, many people do not use password managers, not even ones built into web browsers like Chrome's. Why is this? If it is because people do not know about password managers, why don't they? Why aren't they mentioned in school, for example?

Kelmikra
  • 193
  • 1
  • 1
  • 7
  • Relevant, possibly duplicate: http://security.stackexchange.com/questions/87008/how-do-i-convince-others-of-the-importance-of-password-management/ – Steve Dodier-Lazaro Feb 14 '16 at 17:19
  • @SteveDL Relevant, but I do not think that is a duplicate. It talks more about why users should use password managers and how to get them to use them, unlike my question, which is about why they don't use them and perhaps, why they shouldn't. – Kelmikra Feb 14 '16 at 17:36
  • I won't participate in any vote since I'm partial here, though I suspect the main reasons why they're not in use is covered in my answer to that question above. Not only must they know it exists and see a good ratio of utility to cost in it, but also bear the cost of migrating. – Steve Dodier-Lazaro Feb 14 '16 at 17:53
  • @Steve DL Though that cost could be prevented by making password managers used by default. – Kelmikra Feb 15 '16 at 19:15

2 Answers2

1

This is going to be a rather subjective question, so don't expect it to be live for long time..

In my case, I don't see any benefit on using a password manager. In fact, I consider passwords managers are a bigger threat than "weak" passwords, for the reason you already mentioned: one password to own them all.

The Illusive Man
  • 10,487
  • 16
  • 56
  • 88
  • I don't see how this question is subjective, as there is an objective answer to why people don't use password managers, even if there is no objective answer to why people should or shouldn't. – Kelmikra Feb 14 '16 at 17:37
  • In what way is having one password to own them all a significant security risk. Though someone could find all your passwords if they knew your master password, if the master password is sufficiently hard to crack, which it should be, the only significant way of finding it I can think of would be for malware to see if on your machine. But malware on your machine could still find all your passwords even if your didn't use a password manager by keylogging, and I think keylogging malware is much more common than password manager-searching malware. – Kelmikra Feb 14 '16 at 17:40
  • 1
    see, you have your opinion about why one password should be enough while I have another opinion, hence, opinion-based question :) – The Illusive Man Feb 14 '16 at 18:10
1

That question has a lot of sub-questions, but I try to answer them as good as I can.

There are two factors why most people don't use special password manager programs like KeePass.

  1. They don't know about password managers and potential benefits
  2. They have heard about them, but don't really care

Using extra software for managing your password may seem reasonable for somebody working in an IT-related field. For most people it is additional hassle. They need to choose a product and learn to use the software. This requires time and effort.

This also answers why people don't use password managers shipped with browsers. If they don't know about that feature and it is disable by default, then how should they use it? In case were it is enabled by default I would think that the statement is false and it would be used very often (this depends on the browser though).

I would even go further and say even many people working in IT don't use password managers either because of 2. or because of technical reasons. Password managers are a potential single point of failure, especially when using online password managers. For proper security you do have to take a closer look at the products and features.

The third point would be, that there are other solutions to the problem. You could simply write the password down. That is pretty much what most people do.

Why password managers are not a topic in school is pretty much obvious. If the teachers don't know about it, how should they teach? Not every school as IT-classes, even those that do likely won't cover such topic.

John
  • 997
  • 5
  • 14
  • "This also answers why people don't use password managers shipped with browsers. If they don't know about that feature and it is disable by default, then how should they use it? In case were it is enabled by default I would think that the statement is false and it would be used very often (this depends on the browser though)." If that is the case, then why don't more people use stronger passwords? As far as I know, Chrome by default asks to save your passwords, so there does not seem to be any cost of making a more secure password. But people still don't. Why? – Kelmikra Feb 14 '16 at 17:44
  • @Kyth'Py1k convenience, simple as that. Even when they don't have to remember it, they need to think of a password. I also guess that most people would still like to remember the password and not rely on the password manager. – John Feb 14 '16 at 19:11
  • They don't really need to think of a password, as they could randomly mash their keyboard. Also, why would they want to remember the password? Isn't that inconvenient? – Kelmikra Feb 15 '16 at 19:07
  • @Kyth'Py1k mosts people that I know, that are not working in IT see it as some sort of auto-complete. But as they don't know how and why the browser remembers passwords, they want to remember their password. That is also why most people still use simple passwords, so they can remember them. – John Feb 15 '16 at 21:59