Password Psychology

A little explanation around the reasons for our password choices

We’re sitting there, in front of the computer and in the middle of signing up for a shiny new account on some website or another and the usual sorts of questions are there:

What’s Your Name?

“Yup, I know that one..  No problem.”

What’s Your E-mail address? 

“Damn, was it dot-com or dot-net?  Ahh, here we are; dot-net.  Sorted.”

What Password Are You Going To Choose? 

“Ummm..  Errr.. Hmmmm.. What the hell can I use for a password?”

And here’s our first problem.  Unless we’ve given it some thought before we’ve gone to whatever-we’ and started filling everything in, we’re under pressure.  We need to come up with an answer to that fateful question and most of us feel the need to do it fairly quickly.  Anxiety starts to set in (for the average computer user, it really does), or we’ve got to go and feed the cat, pick the kids up from school or simply want to get the order done because ‘it’s just so shiny’.

So our thought process leads us to think of things based on two different but related themes.

  • Familiarity:  We’ll think of things that are familiar to us and have meaning for us, normally something that has stood the test of time.  Alternatively, it could be something that’s still in our short-term memory.  Perhaps that film we saw last night or the brand new Ford Mustang we saw this morning while filling up with fuel. All these sorts of things will pass through our minds as we’re considering the options.
  • Memorisation:  The majority of us, whilst considering such things as the new Mustang this morning, will disregard those as options relatively quickly.   This is because we’re less likely to remember them over time than things that have a lasting meaning for us. Obviously, our being able to remember the passwords we choose is vital, otherwise we’re soon going to find ourselves unable to access whatever we’re signing up for.

Generally speaking, a very high percentage of our passwords are chosen through impromptu generation, based on that familiarity and memorisation. Looking a little deeper though, we’re able to break things down some more.

Based on a study carried out in 2002 by a British psychologist, Dr. Helen Petrie, Ph.D., our familiarity/memorisation choices are centred in one of four genre subsets:

  • Family-orientated (almost half of those surveyed)
  • Fan-based (approximately one-third of those surveyed)
  • Fantasists (approximately eleven percent of those surveyed)
  • Cryptics (approximately ten percent of those surveyed)

Family-orientated password creators will generally choose names, nicknames, birthdates, places or other things that they have strong emotional or family ties with.  This subset of people tends to fit into the bracket of ‘occasional computer users’, often having fewer online accounts than the average.

Fan-based password creators will generally focus their attentions on things that they really like, such as films, TV, music, games and so on.  Two of the top choices in this genre from those who were surveyed were Homer Simpson and Madonna.  In 2016, one of the most common passwords was ‘StarWars’, following the release of Episode VII in 2015.  For this reason, this subset of people may have some of the easiest passwords to crack, their commonality and general public presence causing these words to hit most hackers’ lists.

Fantasists tend to be slightly narcissistic in their choice of passwords and will often focus their choices around terms of self-admiration, whether knowingly or not.  Whilst the majority of those surveyed who fell into this genre were male, a surprising thirty-seven percent were female.  Fantasists often have a sexual focus in their passwords, choosing words such as ‘sexy’ or ‘goddess’.  If you’ve taken a look at the 100 Of The Most Common Passwords, you’ll maybe have seen that there are a number of similarly related words in there.

Cryptics are the most cyber-security conscious of us all.  Their passwords are often made up of meaningless and unintelligible strings of numbers and letters (e.g. jft922+x).  Whilst they certainly have the most secure passwords, they are also the least interesting.

Type ‘A’ or Type ‘B’ Personality?

One of the other things that affects the choices that we make with regard to passwords is our general personality type.  This is somewhat more vague than the findings of the above study, but does still hold considerable relevance in defining the words or phrases that we use.

Type ‘A’

Those of us that fall under the Type ‘A’ personality type tend to derive our passwords from a desire to be ‘in control’.  We have a tendency to believe that our accounts are not at risk and will often reuse passwords across different logins.  Some of this tendency is based around us wanting to ensure that we don’t forget the passwords we use.

Additionally, those of us who fall into this personality trait are often quite focused on details and will have a methodology around how we remember the passwords we use.  60-70% of us Type ‘A’s are normally quite proactive about trying to keep our online selves secure, even if our efforts might be a little misguided at times.

Type ‘B’

On the other hand, those of us who lean more towards the Type ‘B’ personality are more inclined to believe that our accounts are not at risk, mainly because they aren’t worthy of a hacker’s time.  This has a tendency to reinforce any bad habits we’ve got into around our password choices and, eventually, to make us believe that those bad habits are acceptable.

In fact, 40-50% of us Type ‘B’s are under the impression that we have nothing of enough value to a hacker for us to be targeted and will primarily choose a password based on how easy it is to remember.

Whilst password psychology does give us some indications as to why we choose the passwords we do, it’s not enough to be accepting of those reasons.  In order to keep ourselves, and those connected to us, safe from the attempts of hackers, we need to rethink and improve how we approach our password choices.

100 Of The Most Common Passwords

The ‘Wonderful 100’ – 100 of the most used passwords

This is a simple list of the top 100 most common passwords. This list does change and move around regularly and will sometimes appear in a different order. Some passwords become more common, others less so and sometimes new passwords will appear (the release of Star Wars Episode VII towards the end of 2015 caused a huge influx of related passwords in 2016, so steer clear of those too). This wonderful 100 has been around a while and, sadly, hasn’t changed much.

If you’re using any of these passwords for any of your accounts or devices, I’d strongly recommend that you change them immediately.

Warning: Contains explicit language

  1. password

  2. 123456

  3. 12345678

  4. 1234

  5. qwerty

  6. 12345

  7. dragon

  8. pussy

  9. baseball

  10. football

  11. letmein

  12. monkey

  13. 696969

  14. abc123

  15. mustang

  16. michael

  17. shadow

  18. master

  19. jennifer

  20. 111111

  21. 2000

  22. jordan

  23. superman

  24. harley

  25. 1234567

  26. fuckme

  27. hunter

  28. fuckyou

  29. trustno1

  30. ranger

  31. buster

  32. thomas

  33. tigger

  34. robert

  35. soccer

  36. fuck

  37. batman

  38. test

  39. pass

  40. killer

  41. hockey

  42. george

  43. charlie

  44. andrew

  45. michelle

  46. love

  47. sunshine

  48. jessica

  49. asshole

  50. 6969

  51. pepper

  52. daniel

  53. access

  54. 123456789

  55. 654321

  56. joshua

  57. maggie

  58. starwars

  59. silver

  60. william

  61. dallas

  62. yankees

  63. 123123

  64. ashley

  65. 666666

  66. hello

  67. amanda

  68. orange

  69. biteme

  70. freedom

  71. computer

  72. sexy

  73. thunder

  74. nicole

  75. ginger

  76. heather

  77. hammer

  78. summer

  79. corvette

  80. taylor

  81. fucker

  82. austin

  83. 1111

  84. merlin

  85. matthew

  86. 121212

  87. golfer

  88. cheese

  89. princess

  90. martin

  91. chelsea

  92. patrick

  93. richard

  94. diamond

  95. yellow

  96. bigdog

  97. secret

  98. asdfgh

  99. sparky

  100. cowboy
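
For anyone running a sign-up form, here is an added example (not part of the original post) of a check that rejects a candidate password when it reduces to an entry on this list. It goes beyond exact matching by also handling capitalisation, trailing digits or punctuation, and common letter-for-symbol swaps; the function names and the small embedded subset of the list are assumptions for illustration.

```python
import re
import unicodedata

# Constructed sample: a small subset of the list above, not all 100 entries.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "dragon", "letmein",
                    "mustang", "trustno1", "starwars", "sunshine", "princess"]

# Substitutions people commonly apply to make a familiar word "look" strong.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def _deleet(text):
    """Map look-alike digits and symbols back to letters."""
    return text.translate(LEET)


# Index each entry under its literal and its de-leeted form, so that an
# entry such as "trustno1" still matches once digits are mapped to letters.
_INDEX = {}
for _entry in COMMON_PASSWORDS:
    _INDEX.setdefault(_entry, _entry)
    _INDEX.setdefault(_deleet(_entry), _entry)


def _variants(candidate):
    """Yield normalised forms of a candidate password."""
    base = unicodedata.normalize("NFKC", candidate).casefold()
    no_punct = re.sub(r"[\W_]+$", "", base)      # "dragon!!"     -> "dragon"
    no_suffix = re.sub(r"[\W\d_]+$", "", base)   # "starwars2016" -> "starwars"
    for form in (base, no_punct, no_suffix):
        if form:  # an all-digit or all-symbol input can strip to nothing
            yield form
            yield _deleet(form)


def match_common_password(candidate):
    """Return the list entry the candidate reduces to, or None."""
    for form in _variants(candidate):
        if form in _INDEX:
            return _INDEX[form]
    return None
```

This covers only the common-password check; minimum length and other sign-up rules would be enforced separately.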

We Still Don’t Protect Ourselves – Some Password Statistics

A look at some facts and figures about password security

It’s absolutely everywhere.  Every account we have, every time we sign up for something online; “Choose a strong password”.  The vast majority of us know that strong passwords are one of the most important aspects to keeping our lives in cyberspace secure, and yet, it seems we’re hell bent on continuing to do the virtual equivalent of ‘leaving the key in the lock’.