Throughout October this year, many tips for National Cyber Security Awareness Month focused on the password problem, including the usual warnings about weak passwords and the same password used in multiple places (known as “password re-use”). Every one of those tips (including more than one written by me) advises the use of a password manager to solve the password problem. I often wonder why my friends and family start to inch away when I begin one of my epic “use a password manager” lectures.

However, earlier this week, I watched my wife struggle with a password change while using the house-imposed password manager. (I run a tight ship.) My wife (a bright psychotherapist who has prevented more than one suicide during her career) could not understand what was going wrong when she was trying to change her password. The site she was on indicated that she had successfully changed her password, but because of some of the newer security controls in use on some sites, the new password was never recorded in the password manager. That is the worst of both worlds: the site now expects a password that the manager does not know, so the next login fails even though everything appeared to work. (The practical lesson for anyone in that position: before closing the tab, confirm that the manager's stored entry actually shows the new password.) How can a person who understands how the human mind works have such a hard time figuring out something as simple as a password manager?

It then became clear to me what the problem is. We security professionals take for granted that the rest of the world knows how the internet works. As a simple experiment, ask your non-techy friends the following question: Who controls the internet? Please keep a straight face as they respond. Considering that most of your friends will think the internet is controlled by Google, Facebook, the government, or Twitter, is it any wonder that a password manager can be a huge challenge? What we as security folks have to do is first understand how our friends and family see this mysterious entity known as the World Wide Web.
Once we understand their perspective of the web, we can start to explain how the pieces fit together and how a password manager integrates into that mystery. This is a slow process, and it will only be achieved through time and patience, a characteristic that many of us in the security community lack. There is a magnificent TEDx talk delivered by a magician who explains that truly understanding another person’s perspective can help to make the connection required to bridge seemingly impossible gaps. We cannot expect that our mere utterance of security directives, such as “use a password manager,” will influence others without first understanding that their discomfort with increased security is not caused by apathy but by fear of the unknown. This can seem like a monumental and impossible task, but it can be done. Let’s muster up some patience and think more about how our audience experiences the web rather than about our own knowledge of it. If you find yourself losing your cool, I know a person who can talk you off of that ledge.
About the Author: Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.