Why it is dumb to have 'password' as password

A few weeks ago, the producers of Jimmy Kimmel's show were up to no good. Going around the streets of Los Angeles, they pretended to help people understand how secure their passwords were, by asking them to reveal, well, their password. And believe it or not, a few dummies fell for this piece of mischief and disclosed their passwords on national TV.

Now you'd think you would have known better, but it turns out that most of us are not very different. Lately, a lot has been said about cybersecurity - the private iCloud images of celebrities leaked, the Sony hack that laid bare the private correspondence among movie executives (even the employees' salary), SnapChat pictures which users thought were deleted, along with multiple Facebook and Twitter account hacks. SplashData came out with its annual list of the most common passwords used and the list proves that there are people who still use "123456" and "password" as their passwords (we kid you not!).

"In the wired 21st century, passwords are proliferating at an alarming rate," the firm said in its report. "It's no surprise, then, that users often succumb to password fatigue and commit such security sins as using passwords based on names or words culled from a dictionary, reusing passwords or writing them down on pieces of paper that are left lying around the office."

Despite high-profile data breaches becoming the norm and with 2014 being called the year of cyberhacks and leaks, people are still using passwords that should have been tossed in the bin a long time ago, simply because they don't see themselves as 'hack-worthy'.

Why would anybody hack me?
In the extremely grave context of the recent leaks, there are people who just see it as someone else's problem, because 'why would anyone want to hack them?' Shifani Reffai, a food and lifestyle writer, says she has nothing to lose even if her account does get hacked. "If you're not in the public eye, chances are that no one is actively trying to hack you. That's the reality. Therefore, there is no need to overcomplicate your passwords to the point that it becomes a challenge to remember them or even worse, end up writing them down on paper," she says.

She adds that though she does feel unsafe online, especially since what you share on one platform is synced with another, she'd rather curb her online activity in order to keep some of her privacy, than have complicated passwords that are too hard to remember.

Same password for all accounts easy to remember
Research shows that 16% of passwords matched a person's first name, 14% were patterns on the keyboard, 4% were variations of the word "password", 5% referenced pop-culture, and 4% likely described things nearby to the user when picking a password.

It is of no surprise, then, that the majority of people disclosing their passwords on Jimmy Kimmel's show, chose their birth dates and pet's name as their passwords. Now either you're a genius adept at remembering multiple sets of complex passwords, or you're just using the same basic password combinations for most accounts. There is more than one reason to believe the latter is true.

Kriti Aggarwal, co-founder of an event management firm in the city, says that cyberhacks don't stop her from having the same password for all accounts. "As far as I can remember, I've had the same password for all my accounts and it has also been the simplest and easiest to remember. The type of privacy I'm worried about isn't privacy from the government, marketers, spam or phishers," she explains. "It's privacy from my parents, siblings and colleagues. At most what I can be worried about is if my bank account details get leaked, but I think I am cautious enough when it comes to that. I don't have to worry about some really confidential information being leaked, because let's face it, I'm not that important," she says.

Sharing passwords with friends, family and colleagues
Despite the increasing necessity to protect their digital assets, many people continue to share their passwords with friends, family members and even work colleagues, because they don't think there is anything so compromising in their accounts that they'll regret it later.

Research has shown that people have gotten comfortable with sharing more information openly and with more people. "Most of my colleagues know my computer's password in office as someone or the other needs to use it once in a while. I have passwords of the websites I visit saved in my browser but I don't expect my colleagues to go through my personal emails or steal my bank account information because I trust them. Some of my friends have access to my Facebook and Twitter accounts as well because I have nothing to hide from them and hence, there is no need to use a complicated 'strong' password," says Gitika Sharma, a graphic designer.

Facebook, Gmail relatively safer
Facebook lets users have the option to adopt two-factor authentication, but it would be interesting to see just how many people have implemented it. This shows that there is still a wide gap between consumer knowledge and perception.

Gaurav Sharma doesn't think social networking sites such as Facebook and Twitter, and something as simple as checking your emails on Gmail, require a two-level authentication procedure. "Using a strong password does help a lot but the problem is that few of us can remember many such strong passwords. I do change passwords for my accounts, but not very frequently for Facebook and Gmail. I find these relatively safer websites to work on and don't find the need to turn two-factor on," says Gaurav.

So what is a good password?
Experts define a strong password as one that is 'difficult to crack, has combinations of upper and lower-case letters, numbers and special characters and should be different for each site' - definitely not the word "password". But the news isn't all that bad. The study also shows that even though the list of the most common passwords may be astonishing, the passwords in the list aren't necessarily the same as the most leaked ones.

People are moving away from using such passwords, but the rate is definitely slower than we'd expect.

