From PC Mag
Password Managers: You're Doing It Wrong
By Neil J. Rubenking
If we’ve told you once, we’ve told you a million times—get a password manager and use it! Judging from the financial success of the password manager market, you’re paying attention. But are you using your password manager correctly?
Stuart Schechter, Lecturer and Course Lead for UC Berkeley’s Usable Privacy and Security [course], worries that you’re not. So much so that he encouraged his graduate students to find out just what you’re doing. At the virtual RSA security conference this week, Schechter and grad student David Ng revealed their findings...
“Do not assume that people will choose strong master passwords,” [Ng] said. “Do not assume that they’ll use passwords created by the password manager. And do not assume that they’ll replace weak, reused, or compromised passwords, even when reminded.”
Stuart Schechter is a lecturer in the Master of Information and Cybersecurity program. His areas of focus include security, human-computer interaction, and distributed systems.
David Ng is an alumnus of the Master of Information and Cybersecurity program (MICS 2021).
Schechter and Ng presented this research at the RSA Conference in May 2021.