Recently, I've been helping my parents, ages 50-60, with resetting their passwords as they constantly forget them. They used to have simple passwords (think Apple1) until we had the 'talk'; now they use more secure passwords, but imo not good enough. They're reasonably tech literate, enough to know how to google, use PowerPoint, Word, etc. for their jobs, but anything beyond that becomes a phone call.
I tried to set my dad up with Bitwarden, and while I find it simple enough, he had a lot of trouble grasping its concept, let alone the UI. There was confusion with how it can be a webapp, browser extension, phone apps, desktop apps, etc.
I know there are a plethora of password managers out there.
The idea I had is simple: another password manager, but:
- no browser extension
- only webapp and phone apps
- no autofill
- dead-simple UI
- no tags or folders, just search
- can be managed by an admin account (like a child)
- The user just copies and pastes
- secure default settings (vault lockout timing, etc.)
The password generator is just 1 option; there are no settings like length, special characters, etc. If the website does not accept it, then when the user revisits the dialogue again, another option will appear giving the user the option to regenerate simpler.
Even though it's not a perfect solution, and the enforced defaults might be opsec 'bad practice', it's still better than nothing.
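
Added example, not part of the original post: a sketch of the single-option generator described above, where the "regenerate simpler" choice only appears when the dialog is reopened for the same site. The tier lengths, the symbol set, and the names `TIERS`, `generate`, `entropy_bits` and `GeneratorDialog` are assumptions made for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_"
BASE = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
# Assumed tiers (not from the post): each "simpler" step drops what sites
# most often reject, first symbols, then length.
TIERS = [(20, BASE + [SYMBOLS]), (16, BASE), (12, BASE)]


def generate(tier: int = 0) -> str:
    """Return a password for the given tier using the OS CSPRNG."""
    length, classes = TIERS[min(tier, len(TIERS) - 1)]
    alphabet = "".join(classes)
    # One character per class so "must contain a digit" style rules pass.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by the CSPRNG, so the forced characters
    # do not sit in predictable positions.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def entropy_bits(tier: int) -> float:
    """Upper bound; forcing one character per class lowers it slightly."""
    length, classes = TIERS[min(tier, len(TIERS) - 1)]
    return length * math.log2(len("".join(classes)))


class GeneratorDialog:
    """Tracks, per site, whether to offer the 'regenerate simpler' option."""

    def __init__(self):
        self._visits = {}  # site -> times the dialog has been opened
        self._tier = {}    # site -> current tier index

    def open(self, site: str):
        """Return (password, offer_simpler); the offer appears on a revisit."""
        visits = self._visits.get(site, 0)
        self._visits[site] = visits + 1
        tier = self._tier.get(site, 0)
        return generate(tier), visits >= 1 and tier < len(TIERS) - 1

    def regenerate_simpler(self, site: str) -> str:
        self._tier[site] = min(self._tier.get(site, 0) + 1, len(TIERS) - 1)
        return generate(self._tier[site])
```

With these assumed tiers, even the simplest one stays above 70 bits by the `entropy_bits` upper bound, so falling back for a picky site still leaves a password far stronger than a memorable one like Apple1.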