Password managers have done wonders for users by creating a single password to secure all of their passwords, preventing a data breach from unlocking every one of their accounts.
The original problem
People re-use passwords, and the passwords they reuse are generally awful. According to Sophos, 55% of users re-use passwords!
The solution to the original problem
With something like 1Password or LastPass, a master password is created and the user simply has to remember one password (get it?) to access all of their passwords. And then, the password manager can generate random passwords for you, so you don't have to think about it.
The problem with password managers as they stand
They're still too difficult.
Think about how it works right now:
- The user has to know about password managers and how to use them.
- The user has to buy a password manager and install it on all of their devices
After they have it installed, and want to sign up for a site, the user must,
- Click Register
- Fill in the personal information not filled in by AutoFill, pretty hit or miss
- Remember to not just fill in their usual password
- Remember to click on the password manager
- Enter their password / authenticate (biometric)
- Fill out the rest of the web form
- Answer the confusing "save your password?" dialog boxes from both the browser and the password manager
Why is this so complicated? Why don't we have a workflow like this?:
- Click Register/Login
- Authenticate with fingerprint or password
- Check the boxes with what they wish to share with the site
Congrats, you never have to login again. Oh, and a little bit of work with Authy and it could automatically setup 2FA as well.
This is so do-able. A push from Google through Chrome or the like would most likely get websites up-to-speed on this. Also, then we don't have to worry about clickjacking the password box or other weird stuff like that. Also, users will be more tempted to use their password manager because it's just so much easier.
What tech blog post would be complete without a mockup?
I hope we can get to something like this soon. Until password managers are easier to use than typical passwords,
hunter2 will still be extremely common and reused.