eicolab: design thinking for business innovation

What’s your favourite password?

“Passwords that show no imagination or distinctiveness are easy prey for information pirates, a new US study says.”

“people often do the easy thing” like:

  • Their first name (or their children’s)
  • “1234” or “123456”
  • “qwerty” (or “azerty” in Europe)
  • Names of TV/film stars and characters
  • “password” or “password1”
  • “I don’t care” “whatever” “yes” “no”
  • “iloveyou” “ihateyou”

Choosing an irresponsible password must be, in this day and age, akin to hiding the front door key under the mat, or leaving it in the lock.

Read the full article on Channel News Asia.
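As an added example (not from the original post or the cited study), here is one way a sign-up form could screen for the choices listed above. The function name `denylist_reason`, the word list and the normalisation rules are assumptions made for illustration. It goes slightly beyond the list by also catching trailing digits and simple character substitutions. Star and character names are left out because they would need an external list.

```python
# Added example: screen a candidate password against the weak choices listed
# in the post. The word list and normalisation rules are constructed here.
COMMON = {"password", "qwerty", "azerty", "iloveyou", "ihateyou",
          "idontcare", "whatever", "yes", "no"}
# Undo common look-alike substitutions, e.g. "p@ssw0rd" -> "password".
LEET = str.maketrans("@4310$5!7", "aaeiossit")
DIGIT_RUNS = ("01234567890", "09876543210")


def denylist_reason(password, personal_names=()):
    """Return why the password matches the list, or None if nothing matches.

    personal_names: names the service already knows (the user's first name,
    their children's names). None means "not on this list", not "strong".
    """
    pw = password.lower()
    for ch in " '\u2019":                 # drop spaces and apostrophes
        pw = pw.replace(ch, "")
    # "1234", "123456", "0000" and similar runs
    if pw.isdigit() and (len(set(pw)) == 1 or any(pw in r for r in DIGIT_RUNS)):
        return "digit sequence"
    # "password1" and "P@ssw0rd!" reduce to the same stem as "password"
    stem = pw.rstrip("0123456789!@#$%.").translate(LEET)
    if stem in COMMON:
        return "common word"
    if stem and stem in {n.lower() for n in personal_names}:
        return "personal name"
    return None


if __name__ == "__main__":
    # Constructed sample inputs
    for candidate in ["123456", "Password1", "I don't care", "Emma2009"]:
        print(candidate, "->", denylist_reason(candidate, personal_names=["Emma"]))
```
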

5 comments on “What’s your favourite password?”

  1. Robert Rath said:

    Hi Zern,

    I think the problem stems from a lack of experiencing a detrimental consequence. Most of us out there are pretty bad at learning from other people’s mistakes or advice.

    Ask a person over and over to protect their access with a secure password and most will not bother until something bad happens. Something that really hurts in the way of time, money or pride.

    Some systems are very good at enforcing users to create secure passwords with strange combinations of case, numbers and punctuation. Most people I know when forced to do this will write it down on a note they keep next to their computer just so they don’t forget.

    It is a challenging problem for IT support and maybe we just have to wait long enough for all of us to get burned at least once before we take this issue seriously.

    Robert

    PS My new password is ‘rH5p@0b1efYz%2Aa’

  2. Zern said:

    Hi Robert,

    Waiting for most of us to get burnt so we learn. Maybe only then will we see a decrease in cybercrime etc?

    Interesting point.

    I wonder if our current awareness of personal and property safety/protection took a similar course of learning to achieve?

    How long did it take us to move from small communities who don’t have locks on doors to modern high rises with 24/7 security guards and biometric locks?

    Did a lot of people have to get burgled in the learning process?

    OMG your password is exactly the same as mine!

  3. Kris Rao said:

    Interesting article. I am surprised at the amount of people who openly disclose their passwords to their friends or partners.

    At work all our departmental computers have a general login name and password labelled on the computers!!!!

  4. Michael said:

    Passwords have become a “blame the user” event because of – not in spite of – increased security.

    Consider the typical corporate network which requires all users to change their password every 4 weeks, and no password can be repeated within the last 10 or 20 (or 50!) passwords and must be a mix of upper and lower case and alpha numerics. How long before passwords become PassWord1234 then PassWord2345 or Password200903, and stuck on a post-it note on the monitor? How can it be otherwise?

    Online bank accounts routinely require 2 distinct passwords, the internet provider requires a password, as does the router, as does the home PC if you take security seriously.

    And if you subscribe to internet services you’ve got yet more passwords. Because current security best practice is to store password hashes, if you use “I’ve forgotten my password” links you’ll get a temporary password emailed to you which you have to change, not the original password which is all you wanted.

    Combined with 99.99% of logins that asterisk out passwords as they’re typed, which adds nothing to security (because it’s done on the local machine), email confirmations that won’t show the password (clear type – a security risk), there is frequently no visual display whatsoever of a user’s entered password.

    Accidentally type password1235 instead of password1234 and you’ll find yourself locked out of your own account with no apparent reason why.

    Even usernames are problematic. Subscribe to a site with your usual username and then unsubscribe or let the subscription lapse – if you attempt to re-subscribe, 9 times out of 10 you’ll find your username is already in use, forcing you to use something you’ll never remember.

    At every step of the way, passwords are rendered as humanly impossible to manage as possible. Only someone with a super-human memory could possibly remember all the passwords they need to.

    You speak of people not taking passwords seriously until they get burned. You mean if someone manages to steal my password to access my subscription news service? Why should I care? If someone breaks into my online bank account and withdraws all my money, that’s the bank’s problem which I’d expect to be reimbursed for.

    And if I write down all my passwords and stick them on the PC, so what? If someone has broken into my home, stolen passwords will be the least of my problems.

    The user password as the be-all-and-end-all of security has gone as far as it can and it’s time for service providers to implement real technical security measures and stop trying to blame their users for their own inadequacies or cheapness.

  5. Robert Rath said:

    ‘OpenID’ offers a pretty good user experience in solving this very problem of password overload.
    I’d not be game to use it for my banking but it appears to be a very good solution for the vast number of on-line subscription services we inevitably accumulate.
