Why Including Personal Information in Passwords Is a Terrible Idea

Personal Information in Passwords

We're hoping that you've done the right thing and have adopted a tool that takes care of your passwords for you. You do probably remember the times when you were doing it on your own, though. It was a struggle, wasn't it?

On the one hand, you had to have complex passwords that were long enough to render any feasible brute-force attacks useless. At the same time, each account needed to be secured with its own unique password. Before the automated password generator came along to take the burden away, you were probably deviating a bit from all the above rules.

Some of your passwords probably weren't as strong as they should have been, and we're willing to bet that the number of passwords you were using was smaller than the number of online accounts you had back then. If a 2010 research report from Check Point is anything to go by, you likely had some personal information in your passwords as well. Let's see exactly how bad of an idea this is.

Personal information is no longer personal

We're trying not to sound paranoid, but the fact of the matter is, in the modern world, some of your personal information will inevitably end up being publicly available. In some cases, it's not even your fault. Sometimes, websites and service providers that are supposed to be protecting your data don't seem to be very good at it.

In fact, recent incidents have shown the world that in some cases, getting a complete stranger's personal information is as easy as changing a couple of characters in the address bar. Chances are, we'll continue to see design errors like this one in the future, and the worst thing is, there's little you can do about it. In most cases, you don't know that a company has failed to protect your data until it's already too late.

Sharing isn't necessarily caring

Sometimes, however, you only have yourself to blame. In the age of social media, we share quite a lot about ourselves on the Internet, and we rarely think of the consequences. If personal information is included in our passwords, however, the consequences could be quite severe.

Take this as an example: you have a dog named Bailey, and you love him very much. So much so, that you've decided that one of your passwords will be "ilovebailey". You've also made sure everybody knows how much you care for him by featuring him in every single one of your Instagram photos. You can probably see how this could all end up.

Obviously, the example above follows the old "use the name of your pet as your password" cliché. Sometimes, guessing a password could be just as easy, even if you think that you've avoided the most obvious mistakes. Let's say that in addition to your dog, you also love the music created by British metal band Iron Maiden, and you frequently share videos from their concerts on your Facebook profile. It's fair to say that if hackers try to take over one of your accounts, "ironmaidenrocks" will be among the first passwords they try.

You might be thinking that we're being overly creative with our examples to bump up the fear factor, but a quick check will show you that people are actually using these passwords. Using the Have I Been Pwned service, you can see that "ilovebailey" has been found at least 241 times in leaked databases, and "ironmaidenrocks" has been pwned no fewer than 12 times.
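An added example, not part of the original article: a check that could run when a password is chosen, flagging any password that contains a word from the user's own profile, even when common character substitutions are used. The profile fields, the substitution table and the function names are assumptions made for the illustration.

```python
import re

# Common character substitutions undone before matching (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample profile built from the article's two examples.
PROFILE = {"pet": "Bailey", "band": "Iron Maiden"}


def normalize(text):
    """Lowercase, undo common substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def profile_tokens(profile, min_len=3):
    """Collect each word of every profile value, plus the value with spaces removed."""
    tokens = set()
    for value in profile.values():
        words = [normalize(w) for w in re.split(r"[^A-Za-z0-9]+", value)]
        tokens.update(w for w in words if len(w) >= min_len)
        joined = normalize(value)
        if len(joined) >= min_len:
            tokens.add(joined)
    return tokens


def personal_matches(password, profile):
    """Return the profile tokens found inside the password, longest first."""
    candidate = normalize(password)
    hits = [t for t in profile_tokens(profile) if t in candidate]
    return sorted(hits, key=lambda t: (-len(t), t))


if __name__ == "__main__":
    # Constructed candidate passwords; the last one is random and should pass.
    for pw in ["ilovebailey", "1r0nM@iden!", "q7#Vt2!xLp9&"]:
        found = personal_matches(pw, PROFILE)
        print(pw, "->", "reject: " + ", ".join(found) if found else "ok")
```

A check like this only catches the fields it is given, so it complements a breached-password lookup rather than replacing one.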

The problem is not to be underestimated. If you must remember a password, you need to make sure that nobody will be able to guess it easily. Better still, it should make no sense to anyone. Luckily for you, you no longer have to worry about that because you now have a password manager (https://cyclonis.com/products/password-manager) that takes care of creating and remembering your passwords for you.

August 1, 2018
