The most common password in the world is “Password”. That explains a lot about the state of internet security.
In a recent interview, Apple’s CEO Tim Cook said that the world is one disastrous scandal away from really looking at privacy concerns more seriously. This, of course, was a hidden dig at the No. 1 enemy, Google, but his message cannot be taken lightly. Thanks to the media being rife with stories about hacking and stolen passwords, the biggest perception the Western world holds about China is that they are always trying to hack into your private world and steal your secrets. The fact that the US government is doing the same, and that we are willingly signing away our own privacy rights to technology companies under the illusion of secrecy and safety, is a message that is somehow not getting through. When ex-CEO Eric Schmidt was asked to address the general public's privacy concerns about Google products, his blunt reply was to ask people not to put anything on the web that they want to keep secret. The fact that every one of us still uses an e-mail password that we guard from everyone in the world already shows the futility of that argument.
We all have secrets to keep and we all care about our privacy. Yet we still use passwords that are the opposite of what we are supposed to use. Internet security 101 tells us to come up with difficult-to-guess passwords combining characters and letters, not to use the same password everywhere, and not to write it down anywhere. In reality, that kind of password is very difficult to remember, and since the key factor in setting a password is memory, we end up committing all sorts of password security violations.
If you want to make data more secure, asking people to come up with and remember super-complex passwords is not the way to change behavior. People will continue to gravitate towards simplicity and whatever is easy to remember. The behavior to target is not the construction of the password but what its content says. Usually a password is something meaningful to that person, ranging from a wife’s name to a favorite pet’s birthdate. A simple way to throw a potential hacker off track is to use a password that can never be traced back to you thematically and has no relevance to you. For example, if you are a teenage boy sitting somewhere in Alabama, a password about Dutch ballet dance moves should be far removed from your life and hence very difficult to guess.
Is this a foolproof strategy? Unfortunately, no. But it’s a more feasible strategy than asking people to remember a string of numbers and characters and to change it for different apps and platforms.