What Your Password Says About You

What’s wrong with passwords? A lot. This system for authenticating your identity, once the stuff of cloak-and-dagger intrigue or of controlling access to a speakeasy during Prohibition, has exploded to become the Internet’s de facto method for verifying that people are who they say they are. Think of how many passwords you are required to create and recall on a daily basis – your password for work, Facebook, Amazon, personal e-mail, and so on. It’s no wonder that when it comes time to change a password or create a new one, we often stick with what’s familiar. But what does our password choice say about our psychology?

The people over at WPEngine, the popular hosting platform for WordPress, decided to analyze millions of publicly available passwords and they came to some pretty interesting conclusions about the thought process many of us go through.

  • Women tend to use the word love in their passwords twice as often as men.
  • People in high profile positions at major corporations create passwords like the rest of us do, by combining names, dates of birth, simple words and a few numbers.
  • While we are becoming slightly better at creating passwords, most of us are just sticking a few digits at the end of the passwords we already use. Nearly one out of four of us will simply slap the number 1 onto the end of a password to meet a numerical requirement.
  • Friday is the most popular day of the week to choose as a password.
  • Fish edges out bear as the favorite choice of animal for a password.
  • Batman, Superman and Ironman take top place for favorite superheroes used in a password.
  • Some of the most popular passwords are 123456, password, qwerty, abc123, dragon, 111111, and monkey.

The major take-away confirms what we all know – we have become encumbered with passwords, and the propensity for us to keep things simple weakens the most common method of authentication. The ne’er-do-wells in the dark reaches of cyberspace know this. Go ahead and take a look at your passwords. Let’s not make their jobs any easier.
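One way to take that look, as an added example that is not from WPEngine or the author: a check that flags the patterns listed above. The word lists come from those findings; the function name `audit`, the extra weekdays and the simple substring matching are assumptions of this example.

```python
import re

# Word lists taken from the findings listed in the article above.
COMMON = {"123456", "password", "qwerty", "abc123", "dragon", "111111", "monkey"}
THEMES = {
    # The article names only Friday; the other weekdays are an assumption.
    "day of the week": {"monday", "tuesday", "wednesday", "thursday",
                        "friday", "saturday", "sunday"},
    "animal": {"fish", "bear"},
    "superhero": {"batman", "superman", "ironman"},
    "the word 'love'": {"love"},
}

def audit(password):
    """Return the reasons a password matches a pattern from the article."""
    reasons = []
    lowered = password.lower()
    if lowered in COMMON:
        reasons.append("one of the most popular passwords")
    # Split the password into a base and any digits stuck on the end.
    match = re.fullmatch(r"(.*?)(\d+)", lowered)
    base, suffix = match.groups() if match else (lowered, "")
    if base and suffix:
        reasons.append("number 1 appended" if suffix == "1" else "digits appended")
        if base in COMMON and lowered not in COMMON:
            reasons.append("popular password with digits added")
    # Substring matching is deliberately broad, so it can over-flag
    # (for example "bear" inside "beard").
    for label, words in THEMES.items():
        if any(word in base for word in words):
            reasons.append(f"contains {label}")
    return reasons

if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    for candidate in ["Monkey123", "Friday1", "ilovebatman", "7g^_jbAubyBL2jkYQS$"]:
        print(candidate, "->", audit(candidate) or "no listed pattern found")
```

An empty result only means none of the listed patterns matched; it is not a measure of password strength.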

Source: http://wpengine.com/unmasked/

Showing 2 comments
  • Nick Kringas

    Hi Brian,
    How do you feel about using Roboform or LastPass to create and manage your passwords for you?

    • Brian Guscott

      Hi Nick – Password utilities such as LastPass, Roboform, and 1Password are great tools for making your online life more secure. They make it easy to generate unique and complex passwords for all the sites you visit on the Internet, thereby solving one of the biggest problems this article addresses: humans are horribly ineffective at creating secure passwords. A password like “7g^_jbAubyBL2jkYQS$” is much harder to manage than, say, “Monkey123”. Additionally, most password managers offer helpful security tools that help reveal gaps in your passwords. LastPass will track how long it has been since you last changed your password and notify you if you have duplicate passwords (a giant no-no).

      With all the advantages these tools provide, there still remains a concern with how the passwords are encrypted and stored. A key feature among the top leading password managers is cloud storage, which allows you to use the tool on multiple devices. But that also means that your passwords are being stored by a third party. When considering using these tools, be sure to check how they encrypt (is the password encrypted on your machine before sending it to the cloud?) and secure the data and if they are engaging in third-party audits. Consider using two-factor authentication such as Yubico alongside something like LastPass.

      The good news is that there have been significant efforts to make passwords a thing of the past. The aforementioned hardware solution from Yubico has been gaining traction. Security researcher Steve Gibson is proposing a system of authentication called SQRL that uses two ubiquitous symbols of the modern mobile computing era – your smart phone and the QR code. It will take some time for these alternative solutions to develop. In the meantime, anything you can do to break the cycle of using the same passwords is a step forward.
