I'd been meaning to beef up my online security for years, but I dragged the task undone from one to-do list to the next, year after year. Until, finally, the lockdown gave me time to research available password managers, buy one, and populate it.
Thinking that I was doing my husband and teenage son a favor, I bought 1Password’s family version so we’d all be protected. What I didn’t anticipate is that both of them would balk at using it. I soon found out this was a common issue.
Abrasha Staszewski, a 1Password early adopter, is a case in point. He bought the password manager in January 2008 after hearing about it at a MacWorld exhibit in his hometown of San Francisco. Back then it wasn’t a subscription program; you just downloaded the software into your computer. Staszewski installed it and started using it.
When the company offered an upgrade for a family program, he purchased it, hoping to get his wife Maria Cristini and their two grown sons on board. “I told Maria, ‘It’s so simple; you only have to remember one password,’ but she wasn’t interested.” After a few years, Maria started using it, but “she was always complaining that it didn’t work. I think one of the problems is that when I installed it in her phone, I did it under my account, and it wasn’t syncing properly with her computer.” As for his sons, one got on it; the other never did.
Howard G., from Washington DC, had a similar problem. He purchased Dashlane for himself and was very happy with the product. Then he tried the family plan upgrade. “My wife found it complicated and didn’t want to use it; and it wasn’t a part of my college daughter’s world. She preferred the Apple iCloud Keychain.”
Even an expert in online security can have a hard time convincing his family to use a password manager. Tom Alessi, CIPP, CISSP, and CISM certified, has been a security professional for 20 years. He uses MacPass, but he couldn’t convert his wife.
If you are facing the same resistance at home, don’t despair. The following tactics can help you get everyone aligned.
Open the Way
For Celia Tejada, who lives between San Francisco and the North of Spain, getting a family password manager was essential. “My life is complex. I travel a lot, and I manage several businesses. I needed to streamline all the information and make it accessible to my personal assistant. I also wanted my children, who are 25 and 28, to have access to certain things.”
Instead of trying to convince her sons, she decided to go it alone. “We didn’t need all of us to hold hands and jump in the train together. I jumped in the train first with my assistant; we established all the common information. Then, when my sons called me to ask, ‘Mom, what is the password for that account?’ or ‘What is my Spanish passport number?’ I’d just say, ‘It’s in the family password manager.’ In the early stages they used it only to find this information, but now they’re getting more comfortable storing their own passwords.”
Dashlane CEO J. D. Sherman offered similar advice: “The way we think about building our product is a good rule of thumb: give before you ask. The best way to get family members onboarded to a password manager is to start small with secure sharing of popular accounts, such as streaming services or news subscriptions. Then, your family can see some immediate value to using a password manager (they’ll have the right password even if you use Password Changer), and they’re more likely to start exploring other features and changing their habits.”
Consider Alternate Routes
The prospect of shared passwords or login protection wasn’t enticing enough for my family. My son is 19; he doesn’t have hefty financial assets to worry about; my husband is not technology oriented. I had to find a different way in.
We’d recently lost a relative and spent months detangling the knots of his digital profile and financial information. I explained that I had set up a shared document in 1Password with crucial information so they could easily straighten my affairs after I passed, and I encouraged my husband to do the same. This was enough to get them to set up their accounts and for my husband to upload his information and some passwords. I can’t say they use the tool consistently yet, but they are slowly getting more comfortable with it, especially my husband.
Find the Right Ride for You
As a security professional, Alessi is used to seeing what happens under the covers of a technology company. “I know every day there are fires, so I’m colored by that perspective.” For this reason, he wanted to be extra careful. “I chose MacPass because it’s an open source tool; therefore, if there were any vulnerabilities it would be well known, and they would be fixed. MacPass is free; you download the code into your computer and manage the database yourself. I feel more comfortable having a password safe under my control and protected by me. However, it’s not for everyone. It’s more complicated than a regular family password manager.”
Alessi is using a solution that’s designed for people who want to be hands-on. For most people, as he noted, a family password manager that is handled by security experts trained to run it, fix bugs, and respond to issues is ideal. After all, not all of us are CISSP certified!
Have a Designated Taskmaster
Although each family member can have their own master password and their own private vaults within the tool, sometimes this arrangement is not realistic, especially if there is a technophobe among you.
Thomas T., from Seattle, opted for simplifying. He chose iCloud Keychain and decided to have only one master password for him and his wife. He and his wife share and combine their finances, “so it made sense to share the master password and our financial accounts,” he said. That made adoption easier, as his wife didn’t have to deal with setting up individual logins for the accounts themselves or with the password manager, other than remembering the master password.
Alessi settled on a similar tactic. “I’m a good example of most families: I’m the technical person and nobody else cares, so the agreement I have with my wife is that I’m going to keep all the passwords in my password safe, and I will control the authentication.”
Use Every Possible Lane
To Staszewski’s surprise, his wife Maria went from reluctant user to evangelist … years after he had first invited her in. “At first, I was really hesitant,” she says, “because it didn’t feel safe to put all of my passwords in one place. But as we had more and more passwords, I realized I really needed protection. I was proud because I did the research, settled on a product, and set it all up by myself. I decided to stick with 1Password, but I bought their current, subscription-based product. Moving my passwords from the old manager to the new one was quite easy.”
Right now, three people in Staszewski’s family of four are using 1Password, but they are in different versions of the same product and they don’t know if they’ll migrate to be all together on the same, newer version. Still, Maria is convinced. “I run a coaching program for emerging leaders, and in one of the modules I teach them about finances, budgeting, and other life skills. I always recommend that they get a password protection program.”
Double Down on Safety
If one of your loved ones doesn’t like the idea of having their finances in the cloud, protected by only one master password, emphasize that they still can and should take extra precautions with key information.
“The things that are very important from a security standpoint,” said Alessi, “are your financial information, your health information and your email, which is used as a trigger mechanism to reset all passwords. For those three categories I have two-factor authentication enabled on everything, even if the passwords are protected in my password manager.”
This may give your hesitant user peace of mind.
Consider a Bribe … Ahem … an Incentive
This tactic of last resort may work with your teenage kids. I’d like to get my son to use the password manager regularly, so I may do what I’ve done in the past to encourage him to do something that was good for him: offer him $20 to sit with me for an hour and enter a few more logins. If I am ready to fork out tens of thousands of dollars on his education, why wouldn’t I spend a tiny sum to help him protect his most sensitive information? In my view, it’s worth the investment.
Don’t Give Up
Whatever path you take, be persistent. Providing online security for your family is crucial, as Alessi points out. “In the corporate world we have many tools available that enforce good practices on employees and lower risk significantly: having a complex password, changing your password periodically, using automated analysis tools that can spot activity that is different than the norm. None of this is available in your personal life, so risk is much higher, and diligence is much lower. The logical choice is to put your information into a service that can store it securely and that can recall it for you on demand in a secure fashion. The basic value proposition is very sound and solid.”