Why do people – even those aware of the risks – still use passwords a first-grader could guess? Join us as we dive deeper into the psychology of password choice and offer practical tips on strengthening your password habits.
Before delving into why people use weak passwords, let’s first examine what they are. The lists Wikipedia collected from various sources already tell an insightful story.
Straightforward, easy-to-remember passwords dominate the charts regardless of the year or where the data originates. Some use sequential numbers. Others, like "QWERTY", exist because of the standard keyboard layout. "Password" is tongue-in-cheek, while other words like "love" or "sunshine" are among the most common in our vocabulary.
All this data points toward convenience as the main reason for weak passwords. People need passwords for dozens of accounts, even more if they regularly use online tools for work. Remembering so many is a hassle, even if you’re good at mnemonics or memorization in general.
The lists understandably don’t show the prevalence of personal data in password creation. Initials, birth dates, pet names, and other readily available info can make even longer passwords useless if someone knows what to look for.
Password compromise happens for different reasons. We can influence most of them, for example by not sharing login credentials and by not writing them down and leaving them in the open. However, we can’t control account security on the other end.
Data breaches are common, as are reports that a single one exposed databases with millions of accounts. The damage needn’t be high if the password is unique and the hackers didn’t also steal payment information. Conversely, a reused password makes any other account that uses it or a similar one vulnerable.
Hackers don't stop at the breach. They use the login info and its variants to try to gain access to other accounts. That includes email, online retailers, banking institutions, and more. They don't always find a match, but they hit pay dirt more often than anyone should be comfortable with.
Thankfully, changing your approach to passwords doesn't have to be complicated. You can overcome most pain points this shift entails by getting a password manager.
Password management tools make maintaining accounts easier and more secure. It's easier since they can store more passwords than you'll ever need and fill them out automatically.
They're more secure since they can generate lengthy passwords that conform to the latest security standards and replace all of them instantly without inconveniencing you. It would literally take millions of years to brute force a password generated this way, so no one can breach your accounts merely by guessing.
You can do a lot even if you don't want to use a manager. Most importantly, use long, unique passwords with special characters and numbers. You'll get the best balance of security and ease of use if you create passphrases. These contain words interspersed with symbols and numbers that can hold personal meaning yet be easier to remember and harder to crack than any other password type.
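As an added illustration (not part of the original article), the Python sketch below generates a manager-style random password and a passphrase of words interspersed with symbols and digits, then estimates how long exhausting each search space would take. The word list is a constructed sample, and the rate of 10 billion guesses per second is an assumption.

```python
import math
import secrets

# Constructed sample list; a real generator would use a list of thousands of words.
WORDS = ["sunset", "marble", "cactus", "violin", "harbor", "pepper", "glacier", "lantern",
         "meadow", "rocket", "walnut", "canyon", "velvet", "compass", "thunder", "orchid"]
SYMBOLS = "!@#$%^&*-_=+?"
DIGITS = "0123456789"
CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" + DIGITS + SYMBOLS

def random_password(length=20):
    """Manager-style password: every character drawn uniformly with a CSPRNG."""
    return "".join(secrets.choice(CHARSET) for _ in range(length))

def passphrase(n_words=5, words=WORDS):
    """Random words, each followed by one random symbol and one random digit."""
    return "".join(secrets.choice(words) + secrets.choice(SYMBOLS) + secrets.choice(DIGITS)
                   for _ in range(n_words))

def password_bits(length=20):
    """Entropy in bits of random_password(length)."""
    return length * math.log2(len(CHARSET))

def passphrase_bits(n_words=5, list_size=len(WORDS)):
    """Entropy in bits of passphrase(); grows with the size of the word list."""
    per_slot = math.log2(list_size) + math.log2(len(SYMBOLS)) + math.log2(len(DIGITS))
    return n_words * per_slot

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every candidate at an assumed (hypothetical) guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    print(random_password(), f"{password_bits():.0f} bits")
    print(passphrase(), f"{passphrase_bits():.0f} bits with the 16-word sample list")
    for label, bits in [("20 random characters", password_bits()),
                        ("5 words from the 16-word sample list", passphrase_bits()),
                        ("5 words from a 7,776-word list", passphrase_bits(5, 7776)),
                        ("a pick from a 10,000-entry common-password list", math.log2(10_000))]:
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```

With the 16-word sample list the passphrase carries only about 55 bits, so its strength depends on drawing the words at random from a large list, not on the words looking unusual.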
One would think that such lax password security is mostly due to a lack of awareness. Yet, the data tells a different story. A password behavior study keeps highlighting our collective risk awareness. Interestingly, participants' behavior doesn't reflect this. 80% fear having their passwords compromised, yet not even 50% make changes unless prompted.
In fact, 60% of participants said forgetfulness, rather than security, was the main reason for a password change. Most do so less than once per year or not at all. One of the most striking findings concerns password reuse. 91% of participants know they shouldn't reuse passwords; 66% can’t be bothered to change, though.
People practice poor password hygiene regardless of personality. Yet, type A and type B personalities explain the behavior differently. The As are more assertive and like to be in control. They want to know all their passwords and use systems to do so. Since even the best of us can only remember so many, they reuse passwords to maintain order.
Someone with a type B personality approaches password security more casually. They see limiting online involvement and creating as few passwords as possible as the best cybersecurity strategy. Since they’re laid back and unobtrusive, the Bs don’t believe they're targets worthy of exploiting.
Despite widespread knowledge of the risks, the convenience of weak passwords often outweighs security concerns, leading many to prioritize ease over protection. As we navigate an ever-connected world, it's imperative to recognize the importance of robust password hygiene and take proactive steps.