Why don’t people use strong passwords?

Time and time again, people fail to use strong passwords, and what’s worse, they do so knowingly. In fact, in 2013, 90% of all passwords were considered vulnerable to hacking. Internet users still resort to passwords like ‘password’ (7% of users), ‘qwerty’ and ‘12345678.’ These passwords are on the list of the Top 500 Passwords, which means people everywhere use them to protect multiple accounts on a daily basis (79% of the public, to be precise). They are also the first passwords to be cracked, within minutes and with no software needed.

So why don’t people use strong passwords?  Simple. 

1. They’re hard to remember.
2. They’re in a hurry.
3. They have too many accounts.
4. They don’t care.
5. They don’t realize the risk.
6. They think they’re immune.

How do you remember a strong password?

In a blog post written for the New York Times, the author interviews two cyber-security experts, Jeremiah Grossman and Paul Kocher. The author goes on to explain how these security researchers protect and remember their super complex passwords.

Grossman copies and pastes his passwords directly into and out of an encrypted USB drive. He generates a long, intricate password and stores it on the USB drive. When he needs to log into an account, he copies and pastes the password from the drive. This accomplishes three things.

1. He never types out his account information, which means keyloggers cannot record his passwords.
2. He doesn’t have to remember his passwords.
3. His passwords are never stored on the internet, on his hard drive or on a piece of paper.

Most people would never go this far to maintain a strong password; therefore, Grossman follows up with the potential of a password manager like LastPass or SplashData. These programs create strong passwords for you that you never have to remember. The downside of password managers is that your information is still stored on the internet. If someone gains physical access to your computer, they can potentially gain access to every single password. On top of this, password managers are just as prone to hacks as any other company, website, or individual, if not more so. In June of 2015, the LastPass database was hacked. LastPass, in particular, uses a combination of hashing and salting to secure data; therefore, cracking these passwords would take significantly more work than it took to crack Ashley Madison’s passwords. But that still doesn’t ensure every account is secure.
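To show why hashing combined with salting raises the cost of cracking, here is an added example (not code from the original post or from LastPass) that stores the same weak password for two accounts with and without a per-account salt. The PBKDF2 iteration count and the helper names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example
COMMON = ["password", "qwerty", "12345678"]  # weak passwords named in the post


def unsalted_hash(password: str) -> str:
    """Fast, unsalted digest: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, derived_key) using a fresh random salt per account."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def table_hits(stored_hashes: list[str]) -> int:
    """Count stored values found in a table precomputed once from COMMON."""
    table = {unsalted_hash(p) for p in COMMON}
    return sum(h in table for h in stored_hashes)


def demo() -> dict:
    # Constructed sample: two accounts that chose the same weak password.
    alice_plain, bob_plain = unsalted_hash("qwerty"), unsalted_hash("qwerty")
    alice_salted, bob_salted = make_record("qwerty"), make_record("qwerty")
    return {
        "unsalted_identical": alice_plain == bob_plain,
        "unsalted_table_hits": table_hits([alice_plain, bob_plain]),
        "salted_identical": alice_salted[1] == bob_salted[1],
        "salted_table_hits": table_hits([alice_salted[1].hex(), bob_salted[1].hex()]),
        "verify_ok": verify("qwerty", *alice_salted),
        "verify_wrong": verify("password", *alice_salted),
    }


if __name__ == "__main__":
    print(demo())
```

With a salt, each account has to be guessed separately at the full iteration cost, but a password as common as ‘qwerty’ is still among the first guesses tried, which is why salting does not make every account secure.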

Aside from password managers, you are only left with your mind. So the trick is to come up with a complex password that you can actually remember, which can be difficult. Grossman and Kocher say passphrases are helpful, but it’s important to remember not to use the passphrase itself.

Amy Fabian