Why are so many people still using bad passwords?

While there’s only 1 reason to have strong passwords [security + privacy] (OK, that’s 2 reasons, but they’re tied at the hip, so let’s call it as it is), there are as many reasons to have bad passwords as there are people with an online account [for the sake of simplicity, we’ll round up to ∞ infinity].

But, while almost no one will tell you “I don’t want my accounts and my online stuff to be safe,” their choice of passwords speaks volumes.

sp_butwhy2

So, why are so many people still using bad passwords? Because, well… it’s complicated. Our own unique set of personal circumstances that defines each of us influences our approach to security and, therefore, passwords. It depends on the security consciousness of the individual (typically, older folks are more security-minded than younger folks), how tech savvy he or she is, and a myriad of other factors. From talking with people about security and passwords, here’s a handful of the reasons people give to rationalize, what they admit, are their own lousy passwords.

(Dare we call them excuses?)

The thing is, none of these reasons gets you off the hook from the personal responsibility of protecting yourself. In no particular order:

  • because they don’t know what to do,
  • because it’s hard to
    • create strong passwords (long, not based on dictionary words or your pet’s name, unexpected),
    • remember a strong, unique password for each of their accounts,
    • keep track of logins and strong passwords for all their accounts,
  • because they think they have to remember their passwords (and they know they can’t, so they blow the whole thing off),
  • laziness (believe it or not, this is a reason that people don’t mind saying out loud),
  • because they think they have the World’s Greatest Password™ that they can use for all of their accounts,
  • a feeling of helplessness/being overwhelmed (“if major companies can’t protect themselves, what chance do I have“),
  • because no one wants to be thought of as paranoid or as a security nut,
  • because it’s easier to make believe that passwords aren’t important to online security, ID theft, etc. etc.,
  • because they think they aren’t a target for hackers (little ol’ me syndrome – “I have nothing of importance that someone would want“),
  • because they haven’t been hacked, yet (this is the lottery argument – the odds of getting hacked are the same as my chances of winning the lottery: really, really small),
  • because they feel overwhelmed with all the news of hacks and breaches (“it’s happening all around me, so it doesn’t matter what I do“),
  • because they look at passwords as slowing down/hindering their own access rather than protecting their accounts from bad guys,
  • because they think it’s no skin off their back because someone else is going to cover their loses (e.g. the bank that will reimburse any money stolen by hackers),
  • because it’s someone else’s responsibility to take care of security (my IT guy or gal / brother / sister / father / son / cousin / neighbor does that for me),
  • because of the peekaboo effect (they are proposed by the supposed anonymity they have because no one can see them behind their screens),
  • because passwords have such a bad rap in the news,
  • because they’re waiting for the perfect authentication method to replace passwords,
  • because there is no stigma to being been hacked – people don’t think it was your mistake – instead, you’ll get a sympathetic reaction from friends and family about how hard security is,
  • peer pressure to share passwords with spouses or significant others
  • _________________________________ (fill in the blank)

Did your reason make the list?

In reality, there is no way to explain away our individual responsibility in our own security and privacy. Even as new authentication methods are introduced, strong passwords will continue to be a critical element of security. We recommend Sticky Password for the long, strong, unique passwords for all of your accounts.