We’re sitting there, in front of the computer and in the middle of signing up for a shiny new account on some website or another and the usual sorts of questions are there:
What’s Your Name?
“Yup, I know that one.. No problem.”
What’s Your E-mail address?
“Damn, was it dot-com or dot-net? Ahh, here we are; dot-net. Sorted.”
What Password Are You Going To Choose?
“Ummm.. Errr.. Hmmmm.. What the hell can I use for a password?”
And here’s our first problem. Unless we’ve given it some thought before we’ve gone to whatever-we’re-signing-up-for.com and started filling everything in, we’re under pressure. We need to come up with an answer to that fateful question and most of us feel the need to do it fairly quickly. Anxiety starts to set in (for the average computer user, it really does), or we’ve got to go and feed the cat, pick the kids up from school or simply want to get the order done because ‘it’s just so shiny’.
So our thought process leads us to think of things based on two different but related themes.
- Familiarity: We’ll think of things that are familiar to and have meaning for us, normally something that has lasted the test of time. Alternatively, it could be something that’s still in our short term memory. Perhaps that film we saw last night or the brand new Ford Mustang we saw this morning while filling up with fuel. All these sorts of things will pass through as we’re considering the options.
- Memorisation: The majority of us, whilst considering such things as the new Mustang this morning, will disregard those as options relatively quickly. This is because we’re less likely to remember them over time than things that have a lasting meaning for us. Obviously, our being able to remember the passwords we choose is vital, otherwise we’re soon going to find ourselves unable to access whatever we’re signing up for.
Generally speaking, a very high percentage of our passwords are chosen through impromptu generation, based on that familiarity and memorisation. Looking a little deeper though, we’re able to break things down some more.
Based on a study carried out in 2002 by a British psychologist, Dr. Helen Petrie, Ph.D., our familiarity/memorisation choices are centered in one of four genre subsets:
- Family-orientated (almost half of those surveyed)
- Fan-based (approximately one-third of those surveyed)
- Fantasists (approximately eleven percent of those surveyed)
- Cryptics (approximately ten percent of those surveyed)
Family-orientated password creators will generally choose names, nicknames, birthdates, places or other things that they have strong emotional or family ties with. This subset of people tends to fit into the bracket of ‘occasional computer users’, often having fewer online accounts than the average.
Fan-based password creators will generally focus their attentions on things that they really like, such as films, TV, music, games and so on. Two of the top choices in this genre from those who were surveyed were Homer Simpson and Madonna. In 2016, one of the most common passwords was ‘StarWars’, following the release of Episode VII in 2015. For this reason, this subset of people may have some of the easiest passwords to crack, their commonality and general public presence causing these words to hit most hackers’ lists.
Fantasists tend to be slightly narcissistic in their choice of passwords and will often focus their choices around terms of self-admiration, whether knowingly or not. Whilst the majority of those surveyed who fell into this genre were male, a surprising thirty-seven percent were female. Fantasists often have a sexual focus in their passwords, choosing words such as ‘sexy’ or ‘goddess’. If you’ve taken a look at the 100 of The Most Common Passwords, you’ll maybe have seen that there are a number of similarly related words in there.
Cryptics are the most cyber-security conscious of us all. Their passwords are often made up of meaningless and unintelligible strings of numbers and letters (e.g. jft922+x). Whilst they certainly have the most secure passwords, they are also the least interesting.
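The four categories above can be turned into a sign-up check. The sketch below is an added example, not part of the study or the original article: the word lists are constructed from the words this page names, and `personal_tokens` (the name or birth year typed into the same form) is a hypothetical input.

```python
import re

# Constructed sample lists built from the words named above; a real
# deployment would load a full common-password corpus instead.
CATEGORY_WORDS = {
    "fan-based": {"starwars", "homersimpson", "madonna"},
    "fantasist": {"sexy", "goddess"},
}

# Common character substitutions, undone before matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(password):
    """Letter-only forms of the password, with and without its trailing digits/symbols."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)  # 'starwars2016!' -> 'starwars'
    return {re.sub(r"[^a-z]", "", text.translate(LEET))
            for text in (lowered, stripped)}


def screen(password, personal_tokens=()):
    """Return the sorted familiar categories a candidate password falls into."""
    forms = variants(password)
    hits = set()
    for category, words in CATEGORY_WORDS.items():
        if any(word in form for word in words for form in forms):
            hits.add(category)
    # Family-orientated: anything the user also typed into the sign-up form.
    haystacks = forms | {password.lower()}
    for token in personal_tokens:
        token = token.lower()
        if len(token) >= 3 and any(token in h for h in haystacks):
            hits.add("family-orientated")
    return sorted(hits)


if __name__ == "__main__":
    user = ("Alex", "Morgan", "1984")  # constructed sign-up details
    for candidate in ("St4rW4rs2016!", "Morgan1984", "S3xyM4donna", "jft922+x"):
        print(candidate, "->", screen(candidate, user) or "no familiar pattern")
```

An empty result only means none of these familiar patterns was found; it says nothing about the length or randomness of the password.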
Type ‘A’ or Type ‘B’ Personality?
One of the other things that affects the choices that we make in regards to passwords is our general personality type. This is somewhat more vague than the findings of the above study, but does still hold considerable relevance in defining the words or phrases that we use.
Those of us that fall under the Type ‘A’ personality type tend to derive our passwords from a desire to be ‘in control’. We have a tendency to believe that our accounts are not at risk and will often reuse passwords across different logins. Some of this tendency is based around us wanting to ensure that we don’t forget the passwords we use.
Additionally, those of us who fall into this personality trait are often quite focused on details and will have a methodology around how we remember the passwords we use. 60-70% of us Type ‘A’s are normally quite proactive about trying to keep our online selves secure, even if our efforts might be a little misguided at times.
On the other hand, those of us who lean more towards the Type ‘B’ personality are more inclined to believe that our accounts are not at risk, mainly because they aren’t worthy of a hacker’s time. This has a tendency to reinforce any bad habits we’ve got into around our password choices and, eventually, to make us believe that those bad habits are acceptable.
In fact, 40-50% of us Type ‘B’s are under the impression that we have nothing valuable enough to a hacker for us to be targeted and will primarily choose a password based on how easy it is to remember.
Whilst password psychology does give us some indications as to why we choose the passwords we do, it’s not enough to be accepting of those reasons. In order to keep ourselves, and those connected to us, safe from the attempts of hackers, we need to rethink and improve how we approach our password choices.