There can be nothing more heartbreaking than losing access to important resources because of an oversight. Back in 2021, for example, a water treatment facility in Florida was hacked almost solely because it was using an operating system (OS) released in 2009, namely, Windows 7. Now unsupported, the OS was riddled with bugs and unpatched vulnerabilities, and virtually wide open to attack.
It’s easy to feel a sense of superiority over the people involved in these incidents, but many of us have no right to. An infographic produced by ExpressVPN on the topic of passwords showed that, as a society, we’re useless at securing our virtual property. The top password in Norway, Denmark, and Germany is the local term for password, while the USA has the sweet but silly alternative, “iloveyou”.
Certain passwords are in such frequent use around the world that it’s possible to infer certain cultural interests from them. In Italy, for instance, the password “juventus” hints at a love for the soccer team of the same name, while Turkey seems to have a bizarre obsession with the British band Anathema. Similarly, Croatia counts “dinamo” among its top passwords, due to the popularity of GNK Dinamo Zagreb, another soccer club.
The question that needs to be asked is why we are so reluctant to keep our email and social media accounts safe. The magazine Increment suggests that many password systems simply aren’t secure and usable, with complicated and often contradictory information about how passwords should be created. Should you use real words or nonsense characters? What about symbols or numbers?
The consequence of this situation is that users do the minimum to satisfy obtuse rules, effectively forcing their way through sign-up and/or password change forms just to get to where they want to go. This is one of the reasons why it may be unwise for businesses to enforce regular password changes on their employees. It’s an inconvenience that produces diminishing returns for security, as workers lose interest.
Consider, as well, the sheer number of services that the average person has to sign into each day. Add in secondary security measures like two-factor authentication, and it becomes difficult to view good password hygiene as anything other than a barrier to our digital lives, rather than the deterrent against cybercrime that it should be. Worse, it’s hard to reassure somebody that a long-standing annoyance is a positive thing.
Finally, humans don’t have a universal understanding of cybercrime. In fact, the attitude that “it only happens to other people” seems to apply to all kinds of negative and positive happenings in a person’s life, from a terminal disease to winning the lottery. Yet, it only takes one unsecured account to cause a cascade of breaches. If somebody knows your Gmail password is “password1”, for instance, there’s a good chance all your others are, too.
In summary, the future of password security will require extensive reprogramming of a frustrated, disinterested demographic, something that’s much easier said than done.