Feeling Insecure? Because Your Passwords Are

If your password is weak and your password hint is lazy, you’re more likely to get your identity stolen. So let’s learn to write better passwords.

Feeling Insecure? Because Your Passwords Are
[Image: Flickr user Alpha]

Last month Adobe announced hackers had nabbed the account information of 2.9 million users–customer IDs, encrypted passwords, and other data. Then, a few weeks later, they jumped that estimate up to 38 million people. To top it off, 10 gigabytes of said data has been making its away around public forums, as Al Jazeera reports.


The software giant’s response?

“Our investigation is ongoing,” says Adobe spokesperson Heather Edell.

What’s being invesitagated is heady stuff for anyone who spends their days wading through logins: turns out that people are often loonily lackadaisical with their passwords.

Lazy hints, easy hacks

Al Jazeera America obtained a copy of that aforementioned data set. According to reporter Joanna S. Kao, the data set has 130 million encrypted passwords and more than 43 million password hints.
While decrypting passwords is hard for hackers, you make it easier on them if you’re lazy with your password hints–which could lead to your data getting taking advantage of. For instance, users in the Adobe data set sometimes had their password hint the same as the password itself–which is ridiculous. Additionally, you shouldn’t have a hint that’s anything a potential identity thief could easily search for. Unfortunately, the data set that Al Jazeera found had hints like these:

  • “high school”
  • “mom”
  • “kids birthplace”
  • “namecomapny”
  • “1st dog”

Which are all pretty easy to ferret out with some deep Googling and a Facebook or LinkedIn search or two.

Additionally, some Adobe users had the gumption to use sensitive information as their password or hint. This is terrifying because if you use your social security number in your password, should you get hacked, you’ll not only be jeopardizing your interactions with Adobe, but across platforms. If you use the same password for your bank account, you can get nabbed there. And if you use your social security number–as those users above did–you enable the hacker in question to apply for credit cards or loans on your not-behalf.


So please don’t use the sorts of hints that these Adobe users had:

  • “social security number”
  • “what is my social security number”
  • “social security plus two”

How to get our passwords to actually offer some protection

Al Jazeera talked to private investigator Jimmie Mesis, who said that using something like your favorite food as your password, since that’s harder to guess than your parent’s names (unless you’re an Instagram junkie). As well, don’t use the same password for all your logins–that could create a cascade of insecurity.

Finally, we ought not to be so predictable: security researcher Markus Jakobsson
has found that people fall into readily hackable patterns. As he writes at PCWorld:

If we demand upper case characters in passwords, almost everybody will capitalize the first letter. If we demand a numeral, the number “1” is almost three times more likely than the number “9”, and “3456” is more than ten times as common as “4321”. Similarly, the “special” characters people use are far from special when you look at which ones are used and where they are placed in the password.

So in passwords, as in creativity, we can get a lot of value by breaking out of our habits.

About the author

Drake Baer was a contributing writer at Fast Company, where he covered work culture. He's the co-author of Everything Connects, a book about how intrapersonal, interpersonal, and organizational psychology shape innovation.