Memorable Passwords, And The Users Who Love Them
So here’s a quick test. Which password is more secure?
1.) J4fS<2
2.) this is fun
…
Got your answer? Here’s the correct one:
The second is more secure.
Unless you’re a memorization superchamp, you’ll have to write down the first password on a sticky note or in a text file in order to remember it. Secure? Hardly.
The second password does not include any crazy characters or jumbled strings of hard-to-guess characters. However, due to the way hackers go about trying to guess passwords, it’s significantly harder to crack, and you can read all about that in this excellent article (which, incidentally, is where I grabbed the above examples from):
Not long ago, I was on a website where I needed to update my password. It had to be 8-16 characters long, contain at least one capital letter, at least one number, at least one funny character. But only funny characters from their allowed list. I totally wrote it down on a sticky note. Shameful, I know, but otherwise, I’d forget it. And the next time I’d log back in to that site, I’d need to generate a whole new password I was liable to forget again.
Back in the day, when daily use of computers was a pretty new idea, people were just not very good at making passwords. Popular passwords of bygone days included “123456”, “admin”, whatever your cat’s/firstborn’s name is, and the ever classic “password.” And, since so many people were using them on intranets, the worst that might happen to most people if their account got hacked was to have their custom TPS reports stolen.
Then comes the Internet, with all kinds of stuff-buying and sensitive-information-storing. But people still used bad passwords. And if their account got hacked, who gets blamed? Not the numbskull that continued using “password” as a password, but the company they created the password for. The customer is always right? And as a result, password security has evolved into the Nanny State we have now. We’ll make sure you’ll use a secure password, whether you want to or not, dammit!
Password validation exists to make sure people are choosing tough-to-guess passwords. Along the way, enough people decided that higher complexity in a password was simply better, and soon enough this became the password standard, despite the hazy definition of what actually constituted a “secure” password.
But here’s the thing: the Internet has left its rowdy teenage years and is a smart and spiffy grownup now. Everyone uses the Internet, and at this point anyone who thinks “password” is an awesome password is better off crawling back under the rock they’ve been living under for the past 10 years. And this all really comes back to making your web presence as user-friendly as possible. If you’ve got a password-protected area on your website, don’t force your clients to memorize convoluted strings of characters just to access your site. Let them make a password along the lines of “this is fun,” and your client can focus their attention on what really matters – your site’s content – rather than some ridiculous string of characters.
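An added example (not from the original article): it runs the two test passwords through the composition rule described above and through a length-first rule, and estimates how many guesses an exhaustive character-by-character search would need for each. The allowed-symbol list, the minimum length of 8 and the guessing model are assumptions; guessing from word lists is not modelled.

```python
import math
import string

# Passwords the article names as once-popular, used here as a small deny list.
COMMON = {"123456", "admin", "password"}
# Hypothetical "allowed funny characters" list; the article does not give the site's list.
ALLOWED_SYMBOLS = "!@#$%^&*<>"

def legacy_rule(pw):
    """The rule described above: 8-16 chars, a capital, a number, an allowed symbol."""
    return (8 <= len(pw) <= 16
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in ALLOWED_SYMBOLS for c in pw)
            and all(c.isalnum() or c in ALLOWED_SYMBOLS for c in pw))

def passphrase_rule(pw, min_len=8):
    """Length-first rule (assumed): any characters, spaces included, minus the deny list."""
    return len(pw) >= min_len and pw.lower() not in COMMON

def search_space_bits(pw):
    """log2 of the guesses needed to try every string of this length over the
    character pools the password draws from (character-by-character guessing only)."""
    if not pw:
        return 0.0
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation, " "]
    alphabet = sum(len(p) for p in pools if any(c in p for c in pw))
    return len(pw) * math.log2(alphabet)

def report(passwords):
    """One row per password: (password, passes legacy rule, passes passphrase rule, bits)."""
    return [(pw, legacy_rule(pw), passphrase_rule(pw), round(search_space_bits(pw), 1))
            for pw in passwords]

if __name__ == "__main__":
    # The two passwords from the quiz plus one from the deny list.
    for pw, legacy, phrase, bits in report(["J4fS<2", "this is fun", "password"]):
        print(f"{pw!r:15} legacy={legacy!s:5} passphrase={phrase!s:5} ~{bits} bits")
```
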
