Slashdot Mirror


Why People Are So Bad At Picking Passwords

mrspoonsi writes "Studies suggest red-haired women tend to choose the best passwords and men with bushy beards or unkempt hair, the worst. These studies also reveal that when it comes to passwords, women prefer length and men diversity. On the internet, the most popular colour is blue, at least when it comes to passwords. If you are wondering why, it is largely because so many popular websites and services (Facebook, Twitter and Google to name but three) use the colour in their logo. That has a subtle impact on the choices people make when signing up and picking a word or phrase to form a supposedly super-secret password. The number one conclusion from looking at that data — people are lousy at picking good passwords. 'You have to remember we are all human and we all make mistakes,' says Mr Thorsheim. In this sense, he says, a good password would be a phrase or combination of characters that has little or no connection to the person picking it. All too often, Mr Thorsheim adds, people use words or numbers intimately linked to them. They use birthdays, wedding days, the names of siblings or children or pets. They use their house number, street name or pick on a favourite pop star. This bias is most noticeable when it comes to the numbers people pick when told to choose a four digit pin. Analysis of their choices suggests that people drift towards a small subset of the 10,000 available. In some cases, up to 80% of choices come from just 100 different numbers."

6 of 299 comments

  1. Huh? by hduff · · Score: 5, Funny

    These studies also reveal that when it comes to passwords, women prefer length and men diversity.

    We are still talking about passwords, right?

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    1. Re:Huh? by Thanshin · · Score: 5, Funny

      Probably not.

      Studies suggest that news about studies are only vaguely related to the studies themselves.

    2. Re:Huh? by QQBoss · · Score: 5, Funny

      Is it too obvious to point out that it isn't so much the length of the password that is important, but how you use it? The luckiest, of course, are able to take advantage of both.

  2. Obligatory xkcd by DexPleiadian · · Score: 5, Insightful
  3. Who works for whom? by mcmonkey · · Score: 5, Insightful

    "people are lousy at picking good passwords"

    This begs the question. There is some reasonable expectation that people should learn to properly use the tools of modern society, but in the end, the tools should serve the people, not the other way around. If your car pulled to the left, would you say you were lousy at driving in a straight line? No, you'd say your car was out of alignment and get it fixed.

    A password is something we're expected to remember, but we're wrong to pick words or numbers that might be easy to remember, such as familiar names or dates. Even if you say pick a system of choosing passwords to remember rather than an individual password, that's impossible. Every different system and site has different password requirements, so no single easy to remember system will work for all of them.

    "You have to remember we are all human and we all make mistakes"

    Yes, and Mr Thorsheim's mistake is assuming the issue is with the people who are using the system and not the people designing the system. The truth is,

    "password systems are lousy at serving people."

    (as an aside, WTF is up with systems that do not allow special characters in passwords? Are they worried about SQL injection? If that's possible from a password field, the system is FUBAR.)

  4. Re:Before choosing an important password by emag · · Score: 5, Funny

    Especially every 90 days...

    --
    "The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken