[Part 2, The Why] : To deal with our passwords, we’ve run out of options.

With 70% of young people not paying attention to password security, have we exhausted all of our options that could solve personal cybersecurity?

This is Part 2, of the 3 part series featuring personal cybersecurity challenges for most internet users. These parts are :

1. The What (link) – What is the state of personal cybersecurity for the average internet user and what keeps the barrier to entry for your cybersecurity, so high ? We explore the current state of personal cybersecurity.
2. The Why (this post) – Why has personal cybersecurity become so difficult ? We go over all of the risks that an average internet user faces and try to understand why is the current state of personal cybersecurity in the shape it is today.
3. The How (link) – To solve this massive problem. We will have to come up with new ways of approaching cybersecurity. The the current “how“, is not good enough. (link)

Passwords – Current solutions are not the solutions we want.

To explain the point, let us compare the process of learning to manage our passwords, with learning to drive.

This is how it looks :

Cybersecurity is difficult. There is no denying that. In Part 1 of this series, we discussed the scale of passwords hacks (158/second) and yet most people do not feel motivated enough to take cybersecurity seriously.

Here are the main reasons as to Why are we in this state now :

1. Managing so many passwords is difficult, given that passwords are an unnatural constructs derived from the eventual evolution of digital security systems.
2. In the absence of a simple solution, the current way of managing passwords has been forced upon most of the internet users of today. Nobody remembers passwords willingly.
3. The Current Password Management systems are simply not enough. They fail to address the main issues around passwords : usability, ease-of-use and most of all – lack of motivation for the average user.

Why are today’s Password Managers ineffective?

Most people do not feel motivated enough to use a current generation password manager.

An Online Security Survey by Google (link) shows that :

• Just 15% of internet users actually use password managers
• Many people say that they need a better way to track passwords

So we all see a problem. A problem that has not been solved yet. The problem that the current generation of password managers simply cannot bring in the motivation required for the average internet user to get into personal cybersecurity.

Lots of Reasons

Here’s what we think are the main reasons behind our obliviousness towards current-gen password managers :

1. Current-Gen password managers solve passwords, with passwords.

The way our password managers work today, is by asking you to remember a long, difficult password. This becomes your master password and then gives you access to the main password vault. In practice, users now forget their master passwords…. because … they are … well, passwords; and passwords are unnatural and hard to remember.

2. Password Management platforms are not inter-operable.

If you use an iPhone, and want to try an Android phone (or vice-versa), chances are that you will have to work it out to get your passwords into the other ecosystem. Apple’s Keychain won’t work on Android and if you’ve used the Chrome Password Manager, it wont export passwords to your iPhone out of the box either. (It is important to note that there are some password management solutions that solve this problem however)

3. Fatigue due to the current Password experience.

Since remembering passwords is hard, it leads to an experience that is undesired by most people. Being forced to login is reminiscent of something that is forced upon us, and we just want to “get over it” and proceed to the next step. The average internet user wants to get access to the content quickly, and wants to spend less time in authenticating. This is because the content is generally more interesting, entertaining, fun and a much better experience overall. Dealing with passwords is not an experience at all. This is the primary reason for most users having little-to-no motivation towards cybersecurity.

4. Trust Issues.

A lot of internet users do not trust current-gen password managers. People most commonly fear that hackers can breach these password management platforms. This is a fear we share with them. The only way to really secure data today, is to not store it in the first place. But then we recall the chicken and egg problem from Part 1 of this series – how do we manage information if we do not store it in the first place? We need to solve this problem as well.

The Solution : Making passwords an experience, without storing them.

A Good Experience

The thrill we get when watching our favorite movie, or a favorite series on a streaming service. We keep coming back to good experiences. What if we can turn the process of logging-in, into a great experience ? We feel that a great experience is the only way to bring in the motivation. We aren’t discussing the different “experiences” passed on as flavors of cybersecurity. Our goal is to revolutionize the experience of the Master Login in a way that the user simply won’t forget it.

If people have a good time with something, they’ll like it. There is going to be a motivation to experience something nice. Again, and again.

This brings us to the final part of the series – Part 3 (link).

Users Need to Love it

Those involved must participate to solve personal cybersecurity. There needs to be a re-imagination of the cybersecurity solution, without hanging on to the way we have been doing things all this while. To motivate and drive those most impacted by password hacks, we need to do this.

The Wii Fit gaming console, which gamified physical exercise, serves as the source of motivation here. When we bring in a fun element into something too monotonous and boring, it brings in the motivation too.

But remember, we still haven’t talked about the trust issues we have with our password managers today, mainly because if they store our data, the data may be hacked.

No Data Storage = No Data Stolen

How in the world is it possible that we can manage password without storing them? This is a topic that requires and deserves it’s own explanation. We created MagicPass^TM to specifically solve this problem; which is a novel, storage free password that is never gets stored on any infrastructure, and can be regenerated on demand. We will be covering it in a separate blog post.

Now in Part 3, lets us gamify cybersecurity. (link).

References

• https://webtribunal.net/blog/password-stats/#g
• Click to access PasswordCheckup-HarrisPoll-InfographicFINAL.pdf