undefined | Better HN

0 pointsThePowerOfFuet1y ago0 comments

Because ≈everyone reuses passwords and so accounts get taken over.

0 comments

A majority of internet users (>60% in 2024 and growing) use password managers and don’t reuse passwords.

In my experience 60% seems too high even for supposedly technical users (ref: I work in a dev firm), at least away from their jobs.

I definitely don't believe it for the wiser population (my gut, again based on people I know, says the number is more like 10%, maybe 15). Even the 36% figure on the report on security.org posted above seems dubious, I suspect they have some bias in their survey. Unless that is some people who use the iCloud password manager for some things and no password manager for everything else, so it isn't claiming 36% routinely use a password manager away from a few key accounts.

JW_000001y ago

Do you have a source for that number? 60% seems extremely high based on non-technies I know.

mooreds1y ago

Agreed. I'd be thrilled if it were true, though! Because password reuse (esp without MFA) is a big problem.

sebastiennight1y ago

This is an extraordinary claim on two counts:

1. Sixty percent seems astronomically high, do you have a source?

and

2. Most "normal" non-tech-savvy people I know who do use a password manager (which I've typically installed for them), are revealed a while later to still use a variation of password reuse : either storing the same password per category of websites, or having a password template they use on all sites, e.g. "IdenticalSecretWord_SiteName"

lkbm1y ago

I don't have the source, but don't think 1Password/LastPass/KeePass. Think the "would you like to save this login" built in to Chrome, Firefox, Edge, Windows, and iOS. These days, you have to opt-out of password management.

schnable1y ago

Right, use of a Password Manager does not imply they are using Password generation - it may just mean they click "Save this password" after logging in using a re-used password.

ctxc1y ago

I'm surprised. >60% seems high even for tech literate software engineers!

wccrawford1y ago

https://www.security.org/digital-safety/password-manager-ann...

36%.

sam_lowry_1y ago

So what?

victorbjorklund1y ago

1) It means your users will complain that their account was hacked (even if it was their fault) and might cancel their service

2) hackers can exploit your system which hurts you (you are a VPS provider and someone mines crypto and you have to wave it for PR) or you run an email service and someone uses your app to spam (which hurts your email rep) etc.

j / k navigate · click thread line to collapse