Vol 7» 2007.May

Managing Multiple Passwords

Two of the largest problems with password authentication relate directly to the user and how the user manages passwords. First, when users are not allowed to write down their passwords, they generally choose easy-to-remember passwords, which are usually much easier to crack than complex passwords. In addition to choosing weaker passwords, such users are more likely to re-use passwords across multiple authentication systems.

Users inevitably have a difficult time memorizing assigned random passwords[5], as well as self-chosen passwords that must meet a mandated higher level of complexity. When allowed, they may write their passwords down in an insecure location, such as a post-it note stuck to their computer monitor or a note pad in their desk. Alternatively, they may store passwords securely, such as in a password-encrypted file on a PDA. However, a user could just as easily lose access to the password store: the user may forget the password to the encrypted file, or the PDA could be lost or stolen. In either case, the end result requires some administrative interaction in the form of a password reset.