Password Personas — Which Are You?

It’s Friday night after work and you’re doing a little online shopping before you head out. You’re browsing a website you haven’t been on before. You were only looking, but you find something and decide, why not? The website doesn’t have a guest checkout, and it’s almost time to leave. What do you do? It depends on your Password Persona, your habitual password strategy.

One Password to Rule Them All

Use the same password you use everywhere else? Yikes. But you wouldn’t be alone – 55% of online users do. That means one password breach unlocks everything from emails to banking accounts to even medical information. The only way you can do much worse is to write the password down on a piece of paper (though opinions on that are changing, as fewer people would have access to a password that’s written down).

Two Tiers of Passwords

Use a burner password or variation on a theme for a website you don’t care about? Better, but not by much. Even if you have super-strong passwords that you use for sites like your bank, using a burner password for other sites still leaves you vulnerable. Just one password gives hackers one more tool to leverage for breaking into other connected sites. Plus, in our example, that easy-to-guess password is still connected to your credit card, and no one wants to deal with a hacked card, even if financial services companies don’t hold the customer accountable.

Best Practices Password

Use a secure password? Even if it takes a little extra time, it’s the best solution and it puts you in the minority. But what qualifies as secure? That’s been a moving goalpost for many years now. As hackers get more savvy and attacks more robust, our passwords have had to become ever more complicated. Capitalization, letter substitution, numbers and symbols, and increasing password lengths make it almost impossible for human beings to come up with secure passwords they can easily use.

Enter random password generators and, of course, password saving programs. Does the computer you’re browsing on have your password manager? Are you even logged in? Is it even your computer or tablet? And despite their convenience, don’t get too trusting: even their data can be hacked, as in the case of popular password manager LastPass’s recent breach.

The truth is that none of these solutions is perfect, everyone knows it, and we’ve all been saying so for a long time. Not only do we know that we aren’t doing our due diligence when it comes to password security, we’re sure no one else is either.

We can’t get rid of passwords, not yet. Internet users need a way to signal their intent to move from being an anonymous website visitor to an active, legitimate party about to begin a transaction. For the user, that’s the login and the password. But for the business, a password alone isn’t good enough anymore to protect their business or their users. Companies need to look at the behavior that occurs in the context of the password’s use, and they can do this by leveraging user behavior analytics.

Pretty soon, which Password Persona you are won’t matter anymore because, simple or complicated, the password won’t be your gatekeeper. The password prompt will ask the question: are you the real you? But it won’t be the password that answers that question. User behavior analytics will.