Fifty-eight per cent of poll respondents have over 20 password-protected online accounts or simply too many too keep track of. Twenty-seven per cent have between 11 and 20 password-protected accounts and 15 per cent have under 10. But even with so many accounts, just 40 per cent use a password manager to keep track of them.
Encouragingly, just over half (57%) of poll respondents changed passwords after hearing about Heartbleed. Of poor password habits, the most common was using the name of a family member. The next most common poor password habit was using a pet name, and then using generic passwords like “Password” or “123456.”
Post-Heartbleed, it’s especially important to pay some attention to passwords. But getting all one’s passwords in order – setting a unique, strong password for each individual account – can seem like too big a job, which is why many aren’t doing it. And there’s a lot of advice out there on how to generate and manage passwords. What’s the average person to do? Sean Sullivan, Security Advisor at F-Secure shares the one fundamental tip that everyone should remember:
“Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong.”
Sullivan’s advice takes into account the fact that many people have accounts for services where little personal information is stored. “If you created an account for some website and there’s hardly anything more in there than your username and password, then that’s probably not a critical account,” he says. “But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don’t have time or inclination to tackle everything, at least take care of those.”
A prime example of a critical account is an email account that is used as the point of contact for password resets on other accounts. For these “master key” accounts, it’s a good idea to activate two-factor authentication, if available.
But how to protect those critical accounts? Use a secure password manager like F-Secure Key. F-Secure Key stores passwords, usernames and other credentials so you can access them through one master password. It includes a password generator that helps create new passwords that are safe and unique. F-Secure Key also contains a built-in newsfeed from F-Secure Labs to let you know about major hacking incidents.
Your data right on your device
With F-Secure Key, there’s no need to worry about where your password data is being stored. It’s stored and accessed locally using strong encryption right on your device. And if you choose to upgrade to the premium version you can synchronise your encrypted password data across all your devices. Synchronisation happens securely using an encrypted connection.