The Folly and Frustration of Creating Passwords

1-2-3-4-5-6. It’s a fine way to open an episode of Sesame Street, or perhaps the next finger-snapping indie folk hit. But when it comes to protecting your most sensitive digital information—your banking records, your tax returns, or even your street address—you might want to keep looking.

Turns out many of us can’t be bothered. For the past eight years, cybersecurity firm SplashData has tracked the world’s most common passwords, compiling a worst passwords list from hacks, data breaches, and cyber leaks taking place mostly in North America and Europe in a given year. In 2018, this basic string of six sequential digits was the world’s password of choice. In fact, variations of the same sequence—six, nine, eight, and five digits in length—occupied four slots in the top five. The only exception: that old standby, “password”, sitting solidly in second place.

Let’s be philosophical and attribute the startling simplicity of such passwords to a desire to get back to basics, to reject the increasing complexity of this most digital of civilizations. Let’s be magnanimous and ascribe it to our increasing confidence in the various safeguards, firewalls, barriers, and other security measures taken up by the organizations to which we entrust our private data. Or we could be realistic and chalk it up to laziness—a Rhett Butler–esque refusal to give a damn when it comes to protecting what is fast becoming our most valuable asset: our digital identity.

Smart money is on the latter. Scanning through SplashData’s list, what becomes obvious is not simply a depressing lack of imagination and personality, but a distinct desire to avoid placing two hands on the keyboard. In addition to the numeric strings above, consider “qwerty” (9th place), “abc123” (15th place), and “123123” (17th place). Kudos to those who chose “!@#$%^&*” (20th place) for finding the shift key. On the other hand, those who entered 111111 (6th place) seemingly would rather not move their finger to a second location on the keyboard. The rank irony gives us one pause: apparently a vast number of us have no problem protecting our most intimate, most personal information with the blandest, most banal passwords that come to mind.

Apparently a vast number of us have no problem protecting our most intimate, most personal information with the blandest, most banal passwords that come to mind.

There are consequences to this digital apathy. According to global telecom giant Verizon, some 81 per cent of data breaches utilized a stolen or weak password as their attack vector. Little wonder, considering 73 per cent of online accounts are guarded by duplicate passwords, and 54 per cent of North Americans recycle the same five (or fewer) passwords across all of their online accounts. Forget being a computer genius—all it takes for a hacker to unlock a good portion of your digital life is a lucky guess.

These problems are sure to expand in the years to come. With the growth in the Internet of Things, tech industry watchers estimate that within two years there will be over 300 billion passwords in use throughout the world. Pretty soon, it won’t just be your mobile phone and your laptop that will need a password; your car, home security system, thermostat, fridge, and maybe even your toaster will require you to enter some sequence of letters, numbers, and characters before pressing “on”.

If such news causes you to sigh with fatigue rather than shiver with excitement, you’re not alone. And that is the core of the problem: not ignorance, but lethargy. The sense of tired indifference with which we approach the chore of “passwording” is another example of the ennui of the digital age. Listening to news of the latest corporate data breach, dealing with the latest virus or malware that has infected our PC, reading through the latest e-mail from that down-on-his-luck Nigerian prince who’s been trying to get in touch for years—the sheer volume of paranoia surrounding our online life has made us numb to the risks.

This is the price of a wired existence: a world in which nearly every interaction of consequence (economic, commercial, regulatory) requires a digital prophylactic in the form of multiple passwords, authentications, and screens. So, instead of playing along and changing our passwords, turning on two-factor authentication, or using a password manager to randomize our usernames and logins, we do what humans have always done in the face of danger: shrug. Keep calm and log on—haters gonna hate, hackers gonna hack.

On one level, this is just a cost of going about our online business. But living in a digital castle and building ever-higher firewalls to keep the hacking hordes beyond the gates—it takes a toll. We begin to view the details of our personal lives as our most perilous vulnerability. Over time, it changes the way we think about the world: threats become normal, privacy becomes a thing of the past, and making that age-old barter of freedom for security becomes as easy as 1-2-… well, you can probably guess the rest. 

_________

Never miss a story. Sign up for NUVO’s weekly newsletter, here.