The psychology of passwords: beating the hackers and keeping your information safe

Posted by Rudy Mitra on Jun 5, 2019 10:35:02 AM
Rudy Mitra
Find me on:

The psychology of passwords: beating the hackers and keeping your information safe

In 2018 SplashData released a list of the top 100 worst passwords, with biteme, whatever, merlin and starwars all making it onto the list. The top 10 probably aren’t surprising to anyone, and that’s a bad thing:

10. iloveyou

9. qwerty

8. sunshine

7. 1234567

6. 111111

5. 12345

4. 12345678

3. 123456789

2. password

1. 123456

It’s easy to see why so many people are hacked every day – they’re making it way too easy for cyber criminals.

As Forbes states, “Even an account that seems insignificant could allow a skilled hacker to execute a sophisticated attack against you. Worse still, they could use that account to impersonate you and launch attacks against your family and friends.”

It’s one thing to compromise your own security, it’s another thing altogether to compromise that of your family, friends or workplace.

According to the Australian Cyber Security Centre, there are a number of things that can, and do, go wrong with passwords:

  • Good passwords are hard to remember
  • Simple passwords are easy to guess
  • Re-using passwords across many accounts is tempting
  • Passwords are often incorrectly stored
  • Passwords are often reset by email
  • Passwords often have a single point of failure

Why is this?

Most of us know that we should create individual, difficult to hack passwords. But in reality, when we look at cognitive psychology, which deals with attention, memory and problem solving; we see that we choose options that are simple to guess, use the same password or a variation on multiple platforms, share passwords, record them on paper and use mnemonics – all with the intention of making it easier to remember the multitude of passwords we all need to navigate the modern world.

So, can’t I just use my browser to save passwords?

Saving your passwords in your browser’s password manager is better than a text file in your phone or a scrap of paper stuck to your computer screen, but it’s still not 100% secure. Anyone that can potentially access your computer, mobile or tablet could login to your accounts using your details if your passwords are stored this way.

Is it possible to hack a password manager?

Yes! Given all your passwords are in the one place, it’s a very attractive target for cyber criminals. Ensuring your password for your password manager is really strong is important, but given you only have to remember one, it should be easy enough to do. Forgetting this password could mean you end up locked out of all of your accounts so make sure you memorise this one!

Protecting yourself and your business

Adding in single sign-on (SSO) and multifactor authentication (MFA) are two easy ways to add a significant degree of security to your passwords and that of your teammates.

A single or global sign-on (SSO) that is used for all business tools causes users to create longer, stronger, and more secure passwords as they only need to remember one.

Multi-factor authentication (MFA) requires a third piece of verification, in this case physical access to the user's phone, before they are authenticated to complete their login. MFA is considered one of the most secure measures you can implement to stop unauthorised people accessing your applications and compromising your business.

And, as always, if you’re serious about protecting your business from cyber security breaches, we’d love to chat. Cyber security is one of the things we do best, and our team of experts are ready to start a conversation with you.


If you liked this article, you may also like:

Six concerns for CISO's in 2019 and what you can do to counter them

Cyber security in financial institutions: there’s no “one-size-fits-all” approach

Project management tools: how to choose the right one?


Rudy Mitra

Digital Marketing Coordinator


If your network future-proofed?


Password management tools: how important are they really?

We’ve talked about the importance of password mana...

The top 3 cloud security challenges

Advances in technology bring with them a host of c...

The best practices of Administrative Privilege Management

This is the final blog in our series on the ASD Es...