Not so long ago, one of my favourite podcasts, Reply All, had one of the most accessible pieces I have come across to present the case for using a password manager. I highly recommend listening to it here. That episode drew my attention to a service called Have I Been Pwned, which keeps a record of known data breaches that users can search to see if their credentials have ever been fleeced. A couple of searches and I quickly started finding the email addresses of friends, family and colleagues on the site.
It is all well and good for nerds like me to throw obscure acronyms around and pull out scary statistics. But despite the fact that a good password manager is easy to use – and given five minutes of attention, extremely simple to learn – most people, no matter how smart, will at best smile and nod. Or worse, simply tune out altogether. My sense is that most people either don’t realise how insecure their recycled credentials are, or they think ‘that will never happen to me, I have nothing worth stealing’. I can only hope that wouldn’t apply to experienced researchers and academics, but students too need to be aware of how vulnerable university networks are. There are numerous reasons for hackers to target universities, gaining access to thousands of usernames and passwords chief among them. Because of all this, I believe it is critical for anyone working within the walls of a university – virtual or otherwise – to have a secure means for managing their credentials. To my mind, a password manager is the best solution – it is certainly the easiest.