Most people think their passwords are pretty good. After all, these passwords protect a growing stash of precious digital information about us. I used to do a party trick and/or a security demonstration where I bet people I could ask them five questions and then guess their password in five tries or less. I won the bet a frightening percentage of the time. For most people, my five password questions would be along the lines of:
- What is your significant other’s name?
- What is your pet’s name?
- What is your firstborn child’s name?
- When is your birthday?
- When is your anniversary?
Combining these in a fairly predictable way, I could almost always get close. After a few questions, many people started to realize that their entire digital life was locked away behind these easily picked locks of their own creation. Banking, credit card accounts, emails, instant messages – all potentially hanging in the breeze. Not a good feeling when you’ve always acted with the presumption of security and privacy.
For some people, I would ask different questions, “what is your favorite beer,” or “who is your favorite athlete/celebrity,” but the principle is that people generally create passwords around things meaningful to them that they can remember. If you understand this principle, passwords become increasingly easy to guess, as they are almost always based on common words and names. They more you know about a person, the easier the guessing game.
This gave me a natural segue to talk about password security and password complexity, topics of ever increasing importance in the digital age, and as more and more of our lives transition to the digital realm, the trend isn’t going to reverse anytime soon.
Stay tuned for the next installment where we’ll talk further about how to keep your digital property safe and secure!