Last updated: 21 March 2014
SplashData has released its list of the 25 worst passwords of 2012, including the usual suspects: ‘password’ (again, staggeringly, at the top of the list), 123456, and abc123. The list is quite similar to the one I discussed last year, albeit with a few arbitrary additions, such as “welcome”, “jesus”, “ninja”, “mustang”, and the ever elusive “password1”.
Unfortunately it seems that when it comes to our account security, we’re no more creative than we are secure. The most common excuses cited for a lackadaisical approach to personal security are that multiple passwords are too difficult to remember for today’s overloaded and time-poor internet users.
I think we can all agree that the internet has brought a certain spontaneity to how we consume and share content. Google Instant means you can search quicker than ever before, Twitter lets you publish a thought to thousands of people in seconds. The world seems to have sped up dramatically over the last decade or two, which is why it can be particularly annoying to be directed to an enormous registration page for some web-based articles you want to read or comment on.
“Social identity pioneers” Janrain recently published an infographic on their Janrainblog looking at this issue (see below for the full infographic). They found that 86% of people may leave a website when asked to create an account.
If, like me, you read a multitude of blogs, news sites and social forums, then the thought of having to set up another account and password can be just plain irritating. But why the aversion? According to the research, 60% of people have more than five unique passwords to remember (in a lot of cases I expect this to be much higher) and 40% of people use the ‘Forgot Password’ feature at least once a month. It seems we have neither the time nor the capacity to deal with so many requests, which could be leaving us vulnerable.
Debate still rages over what types of passwords are stronger than others (they should ideally be supplemented by multi-factor authentication), although no method is 100% infallible. While we can do much to make our passwords stronger, (not picking any of these as your password would help), the more sites and passwords we have, the more easily we could get confused and start making mistakes or getting complacent in the name of convenience.
As Janrain pointed out, using our social logins to provide an existing ID on other websites could be a useful tool in reducing the burden. Using your Facebook or Twitter login to access a story could work across multiple sites, as well as making it easier to share content on your networks. Of course, this is not a cure for our password problems (see email-marketing firm MailChimp’s blog for an interesting case study on the deployment of social logins), nor by any means is it risk free; but if it helps us focus on the smaller number of login details we really need, it may at least stop us welcoming ninja jesus’ mustang next time we have to register online.