We Are Bad at Choosing Password Hints

Al Jazeera America has an article called “123456, your mom and other things that shouldn’t be your password,” which is pretty self-explanatory: It seems as if a lot of people are not very good at choosing passwords, or even when they are, they sometimes make the mistake of making the password hint too easy to identify. Here’s a list of popular password hints based on a recent data breach that happened to Adobe:

So even if you think your password is genius and uncrackable, it’s not if your password hint is “dog” and someone can easily figure out the name of your dog by poking around your social media accounts. Also not a good idea is having your password be: “The same as the one you use for your bank account.” Though I have to admit that my password hints are usually something like, “Oh, you know this!” which I laugh about every time I see it. TERRIBLE HINT.


14 Comments

garli (#4,150)

Mine all start out with two or three strings of characters (combination of numbers and letters) and then have a different code at the end that makes sense to me based on what it’s a password for.

I swear it’s easier in practice than it sounds.

Lily Rowan (#70)

@garli I’m trying to implement that! I don’t have it quite down yet, but close.

amirite (#2,677)

@garli Yes, this is what I do too. For the most part it works, but occasionally I have to make a password for something and a clear code to associate with that account doesn’t present itself to me. Those are the ones I forget, especially if I don’t have to log into it regularly.

PicNic (#3,760)

for one of my accounts there’s a thing before you put your password in where they ask you a question “what’s your paternal grandmother’s name?” and my answer is just “idk” because I’ve never met her. Now that I’m looking at this I feel like that might be pretty easy to crack. ugghhh passwords. I want computers to just take my DNA to confirm it’s me and then give me all the access.

@PicNic Apart from the fact that it’s only 3 characters, answering these security questions wrong is actually a good practice. There’s only one way to answer a question right, there are infinite ways to answer them wrong.

The most important thing is to have DIFFERENT passwords for your most important stuff — Google, Amazon, Paypal, Apple, Facebook, Twitter, Dropbox/whatever cloud service, and your various financial stuff — from everything else. I’m not too worried about using the same throwaway password on every bullshit site I register for because if one of those sites gets compromised, the only thing the hackers will be able to use my password for is accessing other bullshit sites.

Still, I wish we could come up with a secure and easy to use login regime. I wouldn’t mind logging in to more stuff with Google or Facebook except I don’t want everything I do online linked back to my real life…

@stuffisthings Yeah, in the Gawker hack of 2010 everyone in the world found out my password was password. So my bs password worked exactly as planned!

I’d also use Google/Facebook login more if only they didn’t default to posting your activity all over the place.

sony_b (#225)

KeePass or KeePassX (for Mac)!

I literally have no clue what my passwords are for anything on the web except my master KeePass, email account, facebook, and a couple of sites where I comment regularly. Everything else is randomly generated and encrypted. I keep the KeePassX file in dropbox so I can access it from anywhere, and it’s got a cool feature where you can copy and paste your username and password from the entry list in KeePass, which means if you’re in public, or on wifi you don’t trust, or a computer you don’t trust, you never actually have to type your user/password combo into the machine, which saves you from keyloggers, spying eyes, that sort of thing. I keep all my wrong hints in there as well.

jquick (#3,730)

My techy prof hubby says to use a password at least 12 characters long. Start off like garli suggests above, then make it specific. He suggests the first letter from an alphanumerical saying, such as… When I Was 14 My Favorite Food Was Pizza. Which would be… wiw14mffwp… and then add something specific to the site of the password.

missvancity (#146)

I hate when the site forces you to use their own hint questions. Especially since mother’s maiden name is a pretty common one, and my mother never changed her name. REAL SECURE, JERKS.

Lily Rowan (#70)

@missvancity I get aggravated when all of their questions are about life milestones that don’t apply to me. Town you bought your first house! Year you got married! Pet’s name! Etc.

@missvancity You don’t have to be truthful in answering the questions!

sh (#5,016)

My password hints are all things like “dog” except … I don’t have a dog!!! But I do know what “dog” means to me, at least in a password sense. Just like I know what “car” means as a hint even though I don’t have a car. And so on and so forth.

Overall I don’t think I am the best at passwords since I don’t change mine enough, but a few years ago I sat down and created different logins for my bank, my cc, my two google accounts, and then a few passwords that I shuffle between for various levels of bs stuff, so at least I have that going for me.

My real password regret is that every time I come up with a great password though I get kind of sad because OMG I want to tell everyone how brilliant my password is!!!

Xkcd recently did a comic about the Adobe password hints, and mine was one of the ones listed! It’s okay though because there’s no financial information attached to that account. It uses one of my junk passwords.

