ITP Sites:   ITP Site|TechBlog|TechHub in schools|NZ CloudCode|All Tech Events|Software Escrow NZ

ITP Techblog

Brought to you by IT Professionals NZ
Menu
« Back to Security & Privacy

Password psychology

Sarah Putt, Contributor. 04 June 2019, 9:20 pm

If you thought that passwords were a way to protect people's data, a key made up of letters, numbers and other symbols that enabled everything from making a purchase online to updating a Facebook account, you are mostly right. Passwords also provide a glimpse into a person's psyche.

That's according to Robbie Taylor, who is completing a PhD in Psychology at Victoria University and Professor Maryanne Garry from the University of Waikato. Surveys conducted by the pair found around half of the respondents infused their passwords with autobiographical memories.

"Many of the passwords our respondents told us about were facts-the old street name where they grew up or something else from their childhood," says Taylor.

"A lot of people also said they mix and match different facts, like a pet name and a year, or that they substitute some letters for numbers or symbols. They're meaningful units disguised to create a potentially more secure password."

The obvious reason that people make their passwords so personal is to ensure they remember them. Which, as Taylor points out, is not necessarily the best approach from a security perspective. "People are trying to reduce the burden of remembering completely random passwords. People are potentially trading off security for ease of remembering," he says.

It's the prioritisation of memory over security, which prompted the study in the first place. The researchers were inspired by a 2014 article in the New York Times, which described how after the September 11 attacks, some companies in which a large number of their employees had died faced the difficult dilemma of not being able to access information.

"One financial company needed to access the work files of the deceased, so they rang around asking family members for personal details to potentially find facts that could be in those passwords. The company found this method surprisingly successful," Taylor says.

Easy recall isn't the only reason for making passwords personal, another is to be reminded of personal goal setting. Taylor says about 10% of the survey respondents "infused their passwords with episodic future thoughts, which are simulations of events that might happen in the future."

"We found many passwords were associated with memories that served functions. For example, some people used their passwords to help them achieve goals, like saving for a holiday. These memories and passwords likely serve a directive function, by motivating and reminding people of what they want to achieve."

And when not seeking to make a better future, the password served as a way of remembering the good times that had gone before.

"The other explanation we found some evidence for is people might want to recall these memories when they type their passwords. That is, people might use passwords like digital mementos. Many people keep meaningful photos and physical mementos around their office at work. Some people may not look at these mementos to remind themselves of the associated memories very often. But, perhaps people with meaningful passwords might think of those associated memories more often because they type their password frequently. It could be a strategy to savour certain memories," Taylor says.


Comments

You must be logged in in order to post comments. Log In


Web Development by The Logic Studio