158 Passwords get hacked every sec, often due to the hassle of remembering numerous passwords.

This is Part 1, of the 3 part series featuring personal cybersecurity challenges for most internet users. These parts are :

1. The What (this post) – What is the state of personal cybersecurity for the average internet user and what keeps the barrier to entry for your cybersecurity, so high ? We explore the current state of personal cybersecurity.
2. The Why (link) – Why has personal cybersecurity become so difficult ? We go over all of the risks that an average internet user faces and try to understand why is the current state of personal cybersecurity in the shape it is today.
3. The How (link) – To solve this massive problem. We will have to come up with new ways of approaching cybersecurity. The the current “how“, is not good enough.

Passwords – So unnatural ..!

Our passwords are one of the most important, yet unnatural constructs created by man. Passion, empathy, creativity, knowledge and more – there are so many qualities you can associate with a fellow human being. The ability to remember passwords is not one of them.

Today, it takes discipline, dedication and a fair amount of digital literacy to be able to defend against the sophisticated cyber attacks that are carried out on a regular basis. With 158 passwords being stolen each second, and a cybersecurity attack occurring every 39 seconds, the scale of the problem is massive. Yet, to be able to tackle the problem in the most basic manner, requires a lot from the average internet user. The ask is so big, inconvenient and difficult that most users are forced to give up on their personal cybersecurity.

A brief history of Passwords

Passwords and it’s forms have been in existence since ancient times. Even the Roman Military used passwords (watchwords) to allow people through their watchtowers.

The Password we know today, was actually conceptualized with the Compatible Time-Sharing System (CTSS) operating system at MIT, in 1961. Since password storage became important, mechanisms to secure it also developed over time. One of the earliest known “hash-functions” for password security were invented by the American cryptographer Robert Morris, in the 1970s. With the success of the Internet and the exponential growth of new websites and apps, the importance and number of passwords grew, and they have now become part of our daily lives.

In 2023 – Where are we now with our passwords?

Let us look at how people deal with passwords in their lines. These are statistics on a holistic password usage perspective:

• 90% of internet users are worried about our passwords and fear having them compromised.
• 67% users reuse the same password in multiple places. 50% of us use the same password everywhere. Half of the internet users keep just one password for everything.
• 60% users use the same password between work and personal accounts.
• 24% of internet users have passwords like “123456” or “password”. “123456” is actually the most common password on the internet.
• Most people use passwords that are less than or equal to eight characters long.
• 40% of us have had our password or a sensitive information hacked/compromised already.
• 70% of youth do not pay attention to password security.
• 90% of today’s passwords are vulnerable to attacks.

If we look at these stats, the first point conflicts with all other remaining points. If 90% of us are really worried about our passwords, then why do we have such bad password practices?

It is hard to maintain your sanity with passwords.

I always knew what the right path was. Without exception, i knew. But i never took it. You know why? It was too damn hard ..!

In 2023 – Why is it so hard?

Passwords everywhere..!

With the influx of new apps and websites, the average passwords used by a person stands at more than 38 passwords. That is a lot of passwords for an average internet user.

Requirements of a ‘good’ password

An ideal password should be :

1. A reasonably good password should be at least 12 characters long
2. It should contain at least one of each –
   • An Uppercase letter
   • A Lowercase letter
   • A Special Character
   • A Number
3. Must not have an easily guessable word in it
4. Must not be similar to other passwords

It is difficult to remember passwords

To be able to practice safe internet security practices, we’ll need to remember at least 38 passwords as that is the number of average passwords an internet user has today, each of them has to be 12 characters long and should not have words that can be remembered easily.

The entry-level requirement to keep your passwords safe, is to remember passwords that are hard to remember, at least 38 of them.

Not only this ask is extremely unnatural, it is extremely impractical too. Unless you devote your life to this mission, it is simply not possible for an average internet user to be safe.

If there is Data, it can(and will be) be hacked.

Although this particular section and topic will be covered in for Part 2 – The Why (link) of this series, it is important to mention that there is currently no good way to solve these problems. Password managers exists, but 65% of us do not believe in them, mainly due to the fact that if there is sensitive data stored somewhere (like our passwords), it gives a lot of motivation to an attacker to attack a service that has access to so many passwords. Getting access to the password manager’s database will give an attacker access to passwords of all the users that use this service.

Given enough resources and motivation, any system can be hacked. The only way to really secure data today, is to not store it in the first place. But then if we do not have access to that data, how do we really manage it?

So there are two big issues that we need to solve for:

• We still need a way to manage our passwords, on all platforms where internet can be used
• We need a way of managing passwords that can secure and manage them; yet, somehow never store them. If passwords are never stored, they cannot be attacked. But then how will they be managed?

Are we running into a chicken and egg problem?

We think not.

Part 3 – The how (link) is where we describe our work on solving this ubiquitous challenge that each one of us face everyday. It is an entirely new way to think about this problem and it’s solution.

The unnatural, impractical need for so many passwords has to be solved forever, with extreme care and sensitivity to the nature and security of the data in question.

Resources

• https://webtribunal.net/blog/password-stats/#gref
• https://jdlt.co.uk/blog/password-security-in-2022/