Slashdot Mirror


The Science of Password Selection

troyhunt writes "We all know by now that most people do a pretty poor job of choosing passwords, but what's behind the selection process? What's the inspiration for choosing those short, simple passwords that so often adhere to such predictable patterns? It turns out there's a handful of classic routes that people follow to consistently arrive at the same poor choices – and some of them are pretty shocking."

4 of 340 comments

  1. Non-alphanumerics by paleo2002 · Score: 5, Insightful

    To be fair, I doubt the average person is aware that a password can include symbols unless they are specifically advised that they are allowable. I know I've been scolded by many computers, web sites, and electronic systems for using symbols in the past so it's no wonder that they are rarely used.

  2. Re:You know, what is more shocking by rolfwind · Score: 5, Insightful

    You know what's worse? Security questions! Especially when you can't type your own.

    Favorite Color? Too easy - people aren't going to say FF1A16. Most will say black, red, green, blue, white, or a handful of other labels.

    With all these favorite questions, I either don't have one. I really lack strong favorites in all areas. And the next time it asks me that, it will have likely changed.

    OR, it's information that's known to my entire household. Even if they don't do anything nefarious, I'm sure someone can wrangle out of my mother what street I lived on as a kid in a casual conversation.

    I hate SQs with a passion. Whoever thinks this is security is nuts.

    (Sorry, posted as anon before, dang sign-in isn't as convenient as it used to be.)

  3. Re:TL; DR by fish+waffle · Score: 4, Insightful

    The problem with passwords is that if they are too complex..

    Partly. There are also too damned many of them. Every pissant site seems to require a login/passwd, it's best to keep them all distinct, and the difficulty of remembering all these passwords is in a continuum with their complexity.

  4. Re:You know, what is more shocking by bill_mcgonigle · Score: 4, Insightful

    I hate SQs with a passion. Whoever thinks this is security is nuts.

    Simply put, security questions reduce your account's security to the strength of the security questions. Mostly, they're weaker than average passwords. Lord help you if you've got a Facebook profile. Mother's maiden name. Hell, that's public information today.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)