6 Ways Passwords Fail Basic Security Tests

New data shows humans still struggle with password creation and management.

Humans are good at some things, like eating too many potato chips or getting annoying songs stuck in their heads. They're not so good at choosing edible wild mushrooms by appearance, for example, nor are they good at choosing strong, safe passwords. Unfortunately, that last item has some serious repercussions in the cybersecurity world.

Security.org's new report on password strategies in the US serves as a painful reminder of just how humans fail at the basic task of choosing (and using) a strong password. Many, if not most, of the issues around passwords can likely be laid at the feet of a pair of human traits: We're fallible, and we're stubborn. Put them together and you have a recipe for a system that we can't use well and are reluctant to change.

One of the ways that humans demonstrate their problems with passwords is in the continuing reluctance to use a password management program. Experts have long said that password managers are key to making computer and network credentials more secure, yet Security.org's research shows that only 12% of users have a password manager as part of their secure authentication routine. Instead they turn to methods only slightly more reliable and secure than teaching passwords to a nearby parrot: 37% depend on their own memory for password storage while 20% go OG with paper notebooks.

Given the high-tech password retrieval systems in use, it's perhaps no wonder that many users choose passwords that are lack sufficient security heft. Based on current research, there are six ways in which users blow the basic task of creating a secure passwords. Or to put it less judgmentally, six ways in which passwords fail to measure up.

How many of these "failures" do your passwords exhibit? Or are you one of the few who use technology to help create and manage strong passwords? We've seen the security.org research -- we'd like to know what you and your organization are doing about passwords. Let us know in the comments section.

(Image: mangpor2004 VIA Adobe Stock)

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights