Protection of online accounts
Simplifying password management and increasing the security of online accounts
Recent surveys conducted by the Federal Office for Information Security (BSI) show that the vast majority of internet users learns passwords off by heart. To make it easier to remember these passwords and recall them in different everyday situations, they tend to create insecure passwords such as “Berlin2020”. This conduct can be observed in all age groups and is associated with significant security risks, as the frequent cases of data theft show.
Through a joint project, wirksam regieren and the BSI therefore aim to develop simple and secure solutions for managing passwords and protecting online accounts.
Developing solutions in cooperation with citizens to ensure that they are workable in an everyday context
In order to better understand what stops internet users from protecting their online accounts more effectively, wirksam regieren carried out group discussions and surveys with citizens. The findings gleaned form the basis for developing solutions that are workable in an everyday context (products, plans of action and information). Citizens, psychologists, IT specialists and security experts are working together to develop these solutions in a series of individual sessions and co‑creative workshops. The solution proposals developed in these contexts are then to be tested in realistic conditions on the ground and compared. This procedure will allow solutions to be identified which should make it easier to manage online accounts and passwords securely on a day‑to‑day basis.
Citizens would appreciate assistance with how to manage a large number of passwords securely
Initial findings from the qualitative and quantitative investigations show that people regard the secure and simple management of a large number of passwords as the greatest problem. Generating one single secure password is not perceived as the main problem, but rather the need to create and remember a separate secure password for each of many online accounts. The manageability of a large number of passwords is more important to them than security. That is also related to the conviction that a hacker could gain access to any account if they so desired.
74% of citizens state that they commit passwords to memory; 34% state that they write passwords down. Obvious solutions such as password managers are viewed with scepticism. The concern is that a hacker could gain access to all passwords at once. People are also uncertain about the seriousness of providers of these kinds of software solutions. In principle, however, citizens are open to password-free technical solutions if they fit into their daily routine and are perceived as secure. From the Government they would appreciate help in responding to the question of how to securely manage a large number of online accounts and passwords.
We are currently developing solutions with citizens, psychologists, IT specialists and security experts based on those findings. The solutions are then to be tested under realistic conditions on the ground.
in cooperation with the Federal Office for Information Security (BSI)