How people concoct their passwords, and why they often stink
Less than a third of the people surveyed by NordPass follow best practices when devising a password.
Choosing and using a password is one of the most challenging aspects of life in these technological times. The more accounts you use, the more passwords you have to devise. And though we may know the rules and requirements of password creation—cook up a strong password of a certain length, use letters and numbers and special characters, don’t reuse passwords—too often we gravitate toward simple and easy-to-remember passwords.
A report released Wednesday by password manager NordPass looks at the techniques people turn to when creating a password. Based on a recent survey of 2004 adults in the U.S. and Germany, the research found that less than a third adhere to the rules of strong cybersecurity, while half of the people use personal information when creating a password.
The majority of respondents fail to devise random passwords with no meaning, a key part of password best practices. Only 27% of the women and 31% of the men surveyed said they create passwords with accidental or random words.
“Creating passwords that have a meaning is a very dangerous habit, as all dictionary words can be cracked almost instantly,” said NordPass security expert Chad Hammond.
Specifically, 49% of the women and 45% of the men rely on personal information, meanings and memories when generating a password. Some 29% of the women and 25% of the men use family names, dates and numbers in their passwords. Some 10% of women and 19% of men create work-related or profession-related passwords. And 24% of women and 19% of men turn to pet names, days and numbers for their passwords.
The yearly NordPass Most Common Passwords report highlights a host of passwords that rely on actual names, positive and affectionate words, and logical number sequences.
“This is exactly why these passwords are on the ‘Most Common’ list—they are very easy to hack and appear in many data breaches,” Hammond said. “There are no complex and random passwords on such a list, because, for example, [email protected] would take years to crack.”
When people do concoct unique passwords, they use accidental words or numbers more frequently. But if they use the same password for different accounts, they tend to turn to family or personal words, names, dates and numbers, according to NordPass.
“Reusing passwords is a huge mistake that many users still make every day,” Hammond said. “The problem is that, if one password is breached, all other accounts with the same password will be jeopardized.”
To help people devise, maintain and use strong and secure passwords, Hammond offers the following three tips:
- Stop relying on personal words and memories. Instead, let technology help you. Use an online password generator to push you to create strong passwords. Just open your favorite search engine and search for the term “online password generator.”
- Delete accounts you no longer use. Some 64% of people surveyed said they don’t remember all the accounts they’ve created. But these accounts and their passwords still exist and may be active. If an unknown account is compromised, you might not even be aware of it. In these cases, a breach would be especially problematic for people who use the same password across multiple accounts.
- Don’t write your passwords down. Don’t devise a strong password only to put it on a Post-it note on your monitor for everyone in the office to see. Find a more effective way to store a password. A password manager is still your best bet.