Complicated Password, or Simple? The Choice is Yours

Fri, Jan 9, 2009, by Mike Crowl


When it comes to passwords, most of us have just as much trouble remembering too many different passwords as we do remembering different PIN numbers.

In fact, I would suspect that the majority of people use the same password and the same PIN in a wide variety of situations. Which is, of course, self-defeating. A thief only needs to find one of your passwords or PINs in such cases to be able to break your security.

But who wants to remember dozens of different passwords/PINs? Life’s too short, and the memory is already full of enough trivia. There are a number of programs available to help you.

For instance, I’ve been a user of RoboForm for some time now, and find it very effective. (You do have to pay for it, but it’s worth it.) Once you’ve set up an initial password that you do need to remember, all other passwords are protected. You only have to put them in the first time you revisit a site after installing the program.

Password Door has a similar arrangement, but can also add passwords to programs that don’t normally have them, such as many of the common Microsoft programs. Super ExeLock is a third possibility, and there are no doubt many others.


Whether hackers are interested in your information or not is another question, and any hacker who really wants to make his mark in the world is going to go for something big, something that brings in some moolah, rather than discovering what you’ve written about other members of the family on your home PC.

That’s not to say you shouldn’t take precautions. Choosing a password that is unfriendly to hackers is still a worthwhile safeguard, and in general people in the know recommend a good mix of letters and numbers – the longer the better. (That is, a combination of ten letters and numbers rather than three or four.)

So while something along the lines of c2a9xm%-a$7 may be difficult to type, it’s a lot harder to hack.

But do people in general choose complicated passwords? No. They want something they don’t have to think about too hard, and something that’s easy to type. (Try typing the one above in a hurry.)

In March 2008, Jimmy Ruska wrote a long post on the subject. According to his calculations the top ten most common ways to “invent” a password were as follows:

1. 123456, 123, 123123, 01234, 2468, 987654, etc

2. 123abc, abc123, 246abc

3. First Name

4. Favourite Band

5. Favourite Song

6. First letter of given name, then surname

7. qwerty, asdf, and other keyboard rolls

8. Favourite cartoon or movie character

9. Favourite sport, or sports star

10. Country of origin


You might think that 4, 5, 8 and 9 would make life more difficult for a hacker. But stop and consider for a moment what favourite band, song, cartoon or sport/sport star you’d put in if you were faced with the question: password? For people of my generation, it’s likely that beatles, titanic, simpsons, beckham would make the list hundreds of times over. Depending on your age, you could easily come up with four names that you’d find plenty of other people would go for too.

Back in 2006 another site listed the ten most commonly used passwords, garnered from a survey of computer users. (UK computer users, by the looks of the words on the list.)

  1. 123
  2. password
  3. liverpool
  4. letmein
  5. 123456
  6. qwerty
  7. charlie
  8. monkey
  9. arsenal
  10. thomas

Some of these might seem a bit obscure, especially if you don’t reside in the UK. Liverpool and Arsenal are football teams (and not necessarily the best, either!). Letmein isn’t a German word, of course; it’s “let me in”. Seemingly Fox Mulder’s password from The X-Files – trustno1 – was very popular too. Thomas is a surprise, as is Charlie. The latter is apparently a common slang word in the UK – but Thomas? As popular as the name might be, it’s extraordinary to find it making the top ten.

Nearly 20% of people used one of these passwords. Yes, that leaves 80% of people who used less common ones, but no doubt if we’d looked at the Top One Hundred passwords, we’d find a much bigger majority would be using similar words or letters. And note that there isn’t a single combination of letters and numbers amongst these, for starters.
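As an added example (not part of the original article), here is a small check a sign-up form could run to reject passwords that match the patterns from the two lists above. The function names, the US QWERTY keyboard rows and the reason labels are assumptions made for this sketch; the ten-character letter-and-number rule follows the recommendation quoted earlier.

```python
import re

# The ten passwords from the 2006 survey quoted in the article.
SURVEY_TOP_TEN = {"123", "password", "liverpool", "letmein", "123456",
                  "qwerty", "charlie", "monkey", "arsenal", "thomas"}

# Keyboard rows used to spot "keyboard rolls" (assumed US QWERTY layout).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_stepped_digits(s):
    """True for digit runs with a constant non-zero step: 123456, 2468, 987654."""
    if len(s) < 3 or not s.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return len(steps) == 1 and steps != {0}


def is_repeated_chunk(s):
    """True when the whole string is a shorter chunk repeated: 123123, abcabc."""
    return len(s) >= 2 and s in (s + s)[1:-1]


def is_keyboard_roll(s):
    """True when s (4+ chars) is a slice of a keyboard row, in either direction."""
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def weak_reasons(password):
    """Return every reason the password matches a pattern from the article."""
    p = password.lower()
    reasons = []
    if p in SURVEY_TOP_TEN:
        reasons.append("survey top ten")
    if is_stepped_digits(p) or is_repeated_chunk(p):
        reasons.append("sequence or repeated chunk")
    # Pattern 2 in the list: a digit run glued to "abc", in either order.
    if re.fullmatch(r"\d+abc|abc\d+", p):
        reasons.append("digits plus abc")
    if is_keyboard_roll(p):
        reasons.append("keyboard roll")
    # The article's advice: about ten characters, mixing letters and numbers.
    if len(p) < 10 or not (re.search(r"[a-z]", p) and re.search(r"\d", p)):
        reasons.append("shorter than ten or not a letter/number mix")
    return reasons
```

An empty list means the password matched none of these patterns; names, bands and sports stars (patterns 3 to 5 and 8 to 10) would need a word list, which this sketch does not include.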

So the choice is yours. Go simple and easy-to-remember, or take a bit of trouble and avoid problems. We all pretend nothing will ever happen to “me and my computer,” but we know that in the real world unpleasant things do happen. Better be safe than sorry.

(Incidentally, saying “PIN number” is a tautology: PIN already means Personal Identification Number!)


2 Comments For This Post

  1. Mike C Says:

    Me too….unfortunately they’re a necessary evil.
