One of the most useless pieces of “good practice” advice that always seems to be included is “don’t re-use passwords on different websites”. Seriously, can you expect someone to remember 200 different passwords?
This might have been good advice back in the 90’s when you maybe had a Geocities account, but now the average internet user has almost 200 online accounts. (A survey showed that the average UK consumer had 118 online accounts in 2015.) So that makes me wonder, do the people giving this type of advice have 200 different passwords?… nah, probably not.
So what are the alternatives? Multifactor authentication? Password vaults? Both are of course good alternatives that will provide you with additional security; however, my experience is that both MFA and password managers tend to raise the bar a bit too high for Average Joe. Eyes tend to glaze over when I start talking about MFA and password managers, and people end up concluding that this is too cumbersome. This might of course be due to my lack of communication skills 🙂, however people tend to be lazy and shy away from anything that might make their day more difficult. (Guilty as charged.)
So I will not present a solution to this issue in this post, but maybe the “don’t reuse passwords” advice needs to be rephrased in a way that makes it more likely to be adopted, e.g. “Don’t reuse passwords for important online accounts, such as social media, email and internet banking.” If you are lucky you might be down to 10 passwords that you need to remember. And remember to WRITE THEM DOWN, on a piece of paper in a closed envelope (the good old-fashioned analog method, not in an Excel sheet stored on your computer or OneDrive).
What about the remaining 190 online accounts? A good option for the websites you visit most frequently is to have a set of 5-6 passwords that you can juggle between the different websites. For the rest of the websites, which you maybe visit 2-3 times a year, use a random string of characters and use the “I have forgotten my password” function next time you visit.
…Or here is a wild idea… use multifactor authentication and password managers.
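The tiered scheme described above (unique passwords for important accounts, a small shared pool for frequently visited sites, throwaway random strings for the rest) can be turned into a quick self-audit. The following is an added example, not code from the original post: it generates a throwaway password for a rarely used site and checks a constructed list of accounts for the one thing the post says must never happen, an important account sharing its password with anything else. The account list, site names and category labels are made up for the demonstration.

```python
import secrets
import string
from collections import defaultdict

# Categories the post treats as important enough to need a unique password.
IMPORTANT_CATEGORIES = {"email", "bank", "social"}


def random_throwaway_password(length: int = 20) -> str:
    """Random string for a site you visit a few times a year and will
    reset via 'I have forgotten my password' next time. Uses the CSPRNG
    in the secrets module rather than random.choice."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def find_reuse_violations(accounts):
    """accounts: list of dicts with 'site', 'category' and 'password'.

    Returns a sorted list of (site, [other sites]) for every important
    account whose password is also used somewhere else. Reuse among
    low-value accounts (the 5-6 password pool) is deliberately allowed.
    """
    by_password = defaultdict(list)
    for acct in accounts:
        by_password[acct["password"]].append(acct)

    violations = []
    for accts in by_password.values():
        if len(accts) < 2:
            continue  # password is unique, nothing to report
        for acct in accts:
            if acct["category"] in IMPORTANT_CATEGORIES:
                others = sorted(b["site"] for b in accts if b is not acct)
                violations.append((acct["site"], others))
    return sorted(violations)


# Constructed sample data: one violation (email password reused on a forum),
# one allowed reuse (two low-value shops sharing a pool password).
SAMPLE_ACCOUNTS = [
    {"site": "mail.example", "category": "email", "password": "correct-horse-1"},
    {"site": "bank.example", "category": "bank", "password": "unique-bank-pw"},
    {"site": "forum.example", "category": "other", "password": "correct-horse-1"},
    {"site": "shop.example", "category": "other", "password": "pool-pw-A"},
    {"site": "news.example", "category": "other", "password": "pool-pw-A"},
]

if __name__ == "__main__":
    for site, others in find_reuse_violations(SAMPLE_ACCOUNTS):
        print(f"{site}: password also used on {', '.join(others)}")
    print("throwaway:", random_throwaway_password())
```

The check compares plaintext passwords because it is meant as a one-off audit of your own list, not something to store; the real fix for the account it flags is to give that important account its own password and move the reused one into the low-value pool.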