The most common way of protecting our multitude of online accounts today is to use passwords. But passwords are largely dependent on our brains and how much effort we’re willing to commit to memorizing various passcodes and combinations.

According to a survey conducted by Keeper, over 80% of people reuse a password across multiple accounts, which makes it easier to remember login details, but also increases the risk of those accounts getting hacked.

How many passwords do we use?

According to a 2015 analysis done by Dashlane, the average number of accounts that are registered to a single e-mail is around 100, and on average, people forget and have to reset their passwords around 37 times per year. The analysis also shows that the average user reuses their favorite password four times. A survey conducted by SecureAuth found that 81% of users use the same password for at least two accounts and that on average, 25% of their accounts share the same password. As the number of accounts we use will double by 2020, the problem of reusing passwords will only further compromise account security.

These results show that more than half of internet users prefer to use a handful of passwords across different accounts, rather than creating and memorizing a new, more secure password for each account. Additionally, most accounts that users create are connected to their main e-mail account. As most e-mail accounts are also protected by a simple username-and-password combination, they are as secure as, if not less secure than, all the accounts connected to them.

How does memory work?

Memories and the way we remember things are a vast topic with a lot of details and nuances involved. But when it comes to passwords and memorizing them, it’s important to know two things.

First, as proven by researchers Joseph Bonneau and Stuart Schechter, we’re capable of remembering more passwords than we generally use. The brain can be trained to help retain new information – such as a new password – better, and eventually this information can be stored in long-term memory. But creating a unique password for each account and then memorizing it would take up a lot more time.

Second, our memory and ability to recall things are tightly connected to emotions. This is why people sometimes remember events happening differently. Changes in personality, emotions, events and experiences can affect how we remember something, since we recreate an event when we recall it and apply our perception at the time of recall.

This also somewhat influences password creation. According to world-renowned security and password cracking expert Jeremi Gosney, our brains are not very good at creating random combinations for passwords; instead, we rely on our memories, taste in music and other things to create non-random passwords, which are easier for hackers to crack.

Are passwords enough?

Although various tools can be used to help create random combinations for new passwords, people are still more likely to reuse one stronger password for different accounts instead of creating a unique and secure password for each account they own.

A convenient and modern alternative to memorizing countless passcodes is using a secure authentication tool.

One of the more popular implementations of these new solutions is two-factor authentication, which combines, for example, something the user has, such as their phone, with something they know, such as a PIN code. More factors can be added to these solutions, e.g. something the user is and that cannot be stolen: biometrics such as fingerprints, face, voice, iris or other physiological characteristics.

Therefore, without having all the required factors, hackers would be unable to gain access to any accounts protected this way, and users could easily and securely access all their accounts.

Raising the level of security even further, we find various strong e-ID solutions. With these tools, the user’s identity is created based on tokens issued by the state or other identity providers, which ensures a much higher security level than a simple e-mail account has.

These strong solutions follow strict principles at every step, from confirming the user’s identity to the issuance process. In addition, compliance with international standards, high availability of the systems, meeting certain security criteria and regular auditing are just a few of the factors that determine the trustworthiness and scalability of strong e-identity solutions.

Strong e-ID solutions also add the convenience of single sign-on (SSO), which means that the user can use a single ID to log in to multiple systems. This removes the need to memorize a huge number of different usernames and passwords.

Security and ease of use, along with compliance with international standards, are among the main reasons why major banks recommend strong authentication solutions to their users.

More unique passwords or secure authentication tools

So, to ensure that our online accounts are better protected, we have a couple of options. One is to take better care of our brains and train them to remember a new secure password each time we create a new account, instead of reusing other passwords. Since our theoretical memory storage limit is enormous, the only obstacle is actively working on storing more passwords in our long-term memories.

The other option would be to have new strong authentication solutions implemented more vigorously, which would help secure our accounts better and remove the need to memorize too many passwords.