Years ago, when I was first learning a programming language (BASIC for back when it was practically the only language you could learn on the first personal computer, the TRS 80), I created a program and established a password system, because I thought this would be the wave of the future, where everyone would need passwords to get into programs. Turns out I was right, even though that doesn’t mean I was really all that forward-thinking, as it did seem kind of obvious at the time. Well, my first program I designed was a computer game called U.S. Air Force’s Strategic Air Command, and part of the beginning of the game required you to enter a password (yes, really exciting gaming I was making back then). I chose something I figured no one else would ever guess.
Well, another one of the kids learning computer programming with me tried out my program, spent a few seconds thinking about me, looked at the blinking interface asking for a password and then typed OMEGA. He guessed my password on the first try. Yeah, I felt really stupid, and to this day I still haven’t figured out how he did it, other than the possibility he was actually watching me when I coded it in back when I wasn’t really paying attention to who was stranding behind me while I was typing.
The point is: It was a stupid password.
Fast-forward to today, and Mashable has printed an article telling us just that: People still use stupid passwords. Their list (from Mashable) of the top overused passwords is:
- 1. password
- 2. 123456
- 3.12345678
- 4. qwerty
- 5. abc123
- 6. monkey
- 7. 1234567
- 8. letmein
- 9. trustno1
- 10. dragon
- 11. baseball
- 12. 111111
- 13. iloveyou
- 14. master
- 15. sunshine
- 16. ashley
- 17. bailey
- 18. passw0rd
- 19. shadow
- 20. 123123
- 21. 654321
- 22. superman
- 23. qazwsx
- 24. michael
- 25. football
Yep, believe it or not, people are still using PASSWORD as the number one stupid password. The others are equally obvious, which basically make the point for us that people generally use things they can remember to be their passwords, which means that quite often the average user, being a nimrod, is going to use something that is going to be massively easy to crack.
For years, my own password process has really evolved, then devolved and then re-evolved after one of my overused passwords got broken into, and my email sent to everyone as spam mail. It’s amazing what people choose for their reasoning behind passwords, which is why for the longest time I was using the name of a password used in a movie about computers a long time ago. I even named one of my stuffed animals after that password, and for years, I kept using that, or variations of that name, as a password. Stupid idea, and let’s just say that my eventual evolution didn’t come soon enough.
Some of the other names on that list are ridiculous, and I’m embarrassed that people would actually make such mistakes. “123456”? Really? Or “abc123”? I can see “Superman” just for the nostalgia factor alone, but “qwerty” and “654321”?
Okay, part of me also has to look at this from another angle. Sometimes, I think companies we do business with create password situations for us that really don’t make any sense. I’m a lot more careful about my email and my banking information than I am with my Netflix queue or a password I’m required to make up for a job search service I’m only ever going to use once in my entire lifetime. The other day, I was required to fill in additional information AFTER my password that was completely irrelevant to me, meaning that if I ever had to challenge my information (to get my password back), I’m never going to remember the answers to those other questions they wanted me to come up with. I’m talking about stuff like “What is your wife/significant other’s favorite color?” As I don’t have a wife or a significant other, I’m mainly making shit up there when I have to come up with an answer. In one the other day, it gave me six different questions to choose from, and to be honest, anyone who had to answer one of those questions has a much different kind of life than I do because I don’t have a favorite sports team, a significant other (which was the subject of three of the six choices I could use), a maiden name, or even the middle name of my best friend (haven’t had a best friend in quite a few years now). What would make those kinds of challenge questions better is to let me make up my own question and then present my own answer. Otherwise, chances are pretty good that I’m going to be clueless whenever it comes to trying to figure out a one-time password that I am not going to remember, and no, I don’t write them down somewhere because that’s the one thing you SHOULDN’T do with passwords.
I think I’ve said about enough on that subject. Please enter your password, writing it in iambic pentameter, to continue to my next irrelevant point.