yego.me

Why your passwords suck..


11m read
·Nov 4, 2024

Passwords are a string of nonsensical characters that separate us from our finances, our medical records, our school information, our entire digital life. It's amazing how much power these random characters hold over us, how much they can do. How a simple set of numbers or letters can represent us in the digital world, just like your ID card or passport lets people know what country you're a citizen of. Your passwords let companies, websites, and digital products know who you are.

The concept of passwords is thrilling yet scary. The idea that you don't have to be physically present to verify your identity before getting access to the deepest private information is amazing. But the fact that anyone in the world can pose as you by simply finding out what this random string of characters is can be terrifying.

When we think of passwords, we think of logging onto our favorite websites, standing at the ATM to withdraw cash, or getting into our phones and computers. When we think of passwords, we think of the digital world. But the truth is, passwords existed long before computers. Just like many other technological innovations, the use of passwords began in the military to figure out who was friend or foe.

Soldiers would create passwords that were passed around camp. When they encountered a stranger, the person was asked for the password to verify their identity. If the intruder didn't know the password, the soldiers would know that they were foe and take them prisoner. Over time, this use of passwords evolved into a password and counter-password system.

In the opening days of the Battle of Normandy, the U.S. 101st Airborne Division created the password "flash," but with a twist. The word "flash" was a challenge, and the reply to that, which was the counter-password, was "thunder." This was only one of the many passwords and counter-passwords they used as they created a new one every three days before it got compromised.

Now, you can say that "flash" and "thunder" are pretty simple words, maybe simple enough for enemy soldiers to figure out, and you'll be right. But the thing about passwords is that as much as they need to be complex so they aren't easy to crack, they also need to be easy enough to remember, or else you get locked out of your own troop. Today, this is how most people still choose passwords, even at a time when we have password managers and various other ways to store complex passwords so we never have to remember them all.

More often than not, people choose passwords that are super easy for them to remember. Usually, it's a name; it could be theirs, a significant other's, a pet's, or a family member's. Whoever it is, more than half of Americans use names as their passwords, with Michael, Jordan, Jennifer, Hunter, Harley, Buster, Andrew, Charlie, and Robert being the most common.

When people think of passwords, they often think of protection. And when people think of protection, well, we all think of superheroes, right? So passwords like "dragon," "master," "superman," and "batman" are all extremely common. They don't just show the characters we like the most; they also show how much importance, hope, and trust we have in these characters to protect us, even when they aren't real.

Sports have a similar effect on us. We might not look to these teams and players to protect us like superheroes, but we look to them for strength, for hope, for joy, for laughter, and entertainment. Sports bring happiness to billions of people around the world. So it's no surprise that when these people are asked to come up with a special word they can never forget, they pick the sport they love the most. Baseball, football, and soccer are the most commonly used passwords relating to sports.

When you dig deeper, European football team names like Manchester United, Chelsea, Arsenal, Barcelona, and Liverpool are all very frequently used as passwords in one form or another. Truly, you never walk alone. There's a chance I've probably mentioned part of one of your passwords already. They're all different but strikingly similar.

When we're not picking passwords with our hearts, we're coming up with them with our heads. We try to be smart and cheeky, clever and quirky. We pick things like "let me in," "trust no one," "abc123," and everyone's favorite, "password." More often than not, when we choose passwords like these, we think of them as unique. But when you consider the fact that the word "password" is the second most commonly used password in the world, you realize that we humans are, in truth, very predictable.

Although they are called passwords, passwords are not always words. Sometimes they are simply a string of random characters, and other times they're numbers, passcodes, or personal identification numbers (PINs). When faced with the challenge of coming up with a number for a password, most people pick the most significant date in their lives. Sometimes it's a birthday; other times it's an anniversary. This is especially true for PINs that require four digits, like ATM transaction PINs. When people aren't choosing 1984 or 2002, 1 through 9 is the most commonly used, with the length dependent on how long the password needs to be.

So whether it's one, two, three, four, five, six, or one, two, three, four, five, six, seven, eight, ninety, one, two, three, four, or simply one, two, three, four, many times it starts with a one, two, three. Sometimes there's an abc, and then a one, two, three attached. And when it isn't simply numbers from one to zero, it's six sixes, or seven sevens, or six nine six nine six nine.

Most people, when asked to come up with a password, try to come up with something easy, something they can visualize, something they can easily remember. There is one method people use to come up with passwords that you might not figure out right away. At first glance, these might look like really strong passwords. They're not names of family members or pets; they're not our favorite superheroes or sports teams, and they're so random you can't possibly guess them, right? Well, wrong.

You see, all of these passwords are doing something called password walking, which is basically creating a password by simply typing out all the characters that sit together on the keyboard. Now, look at these passwords again; notice the pattern. Your fingers are basically walking through the keyboard as you type them in. They might look convincing, but the truth is they are not very secure. You're not the first person to try this, and you won't be the last. It's surprising to see how easy our passwords are to figure out.

The patterns in the way we come up with these seemingly random strings of characters illustrate our collective reasoning for picking passwords. We understand just how important these words are, so why do we put in such little effort into coming up with them, knowing how dangerous it could be if someone figured them out? When we think of someone hacking into an account, we often think of a programmer in a black hoodie in a pitch-dark room with 100 monitors and nothing but the sound of clicking keyboards filling the atmosphere. But the truth is most hacking is simply someone guessing your password successfully or just finding it on some leaked database out there. It's a lot simpler than you'd imagine.

There are a number of ways hackers find your password, and the most common is called the dictionary attack. The dictionary attack tries every single word in the dictionary against the password until there's a match. Contrary to what you might think, this isn't just a normal dictionary; this dictionary is a file that includes all of the most commonly used passwords.

To understand just how much information is in this file, every single password mentioned in this video is in the top 50 most commonly used passwords, and the dictionary file can contain the most commonly used thousands or even millions of passwords. Research has shown that around 68% of Americans use the same password on multiple accounts, and to be honest, we've all been there. There's yet another site asking you for a username and password every single day, and there's barely enough space in your brain to remember your old password, so coming up with a new one is just impossible.

But the problem with using the same password for multiple accounts is that once a hacker gets a hold of one of your accounts, they automatically have access to all of them. Yes, the big names like Apple and Google might have a lot of security details protecting your passwords, but what about that small obscure site that you registered on many years ago? Who knows, the company might now be bankrupt and have no means of keeping the passwords of their users safe, or in the worst case scenario, they sell that information to someone shady. Once your password for that account is discovered, your entire digital life is in jeopardy.

Immediately, someone from anywhere in the world could have access to your work life, school life, finances, medical records, everything. And there's nothing any of the big companies like Apple and Google can do about it. Sometimes our passwords aren't hacked or discovered or stolen; we willingly give them to other people. Research has shown that around 37% of people share their passwords with others. This is most likely down to streaming services like Netflix and Hulu. This isn't surprising when you discover that 88 million streaming accounts are borrowed.

Now, imagine that you give the password of your Netflix account to your friends and family, but that’s also your password for everything else. That's like sharing the key to your house, your safe, and all your personal belongings with everyone. Now at this point, I'm sure we're all wondering, so how exactly do you create a strong password? What even is considered strong to begin with? Aren't they all just numbers and letters anyway?

Well, the first thing you can do is to choose multiple words that are completely unrelated. You can mix in words from different languages, use the name of a local business, or a family secret that's been passed down through generations. Instead of just using "Michael" as your password, try "bonjour souvenir mona lisa iii." Although the words are completely random, a password like "bonjour souvenir mona lisa iii" paints you a mental picture that's completely unique to you, something that no dictionary attack will be able to figure out. I mean, until now if you actually decide to use it.

But whatever. When we try our best to make our passwords secure, we often end up with a leetspeak version of everything we've been talking about up until this point. Leetspeak is basically replacing standard letters with numbers or special characters that look like them. So "Michael" becomes "M1ch43l," "Jordan" becomes "J0rdan," and "Jennifer" becomes "J3nn1f3r." While these are certainly more secure than plain text, they are still very susceptible to hackers because of how popular they've become.

It might have worked at first, but then everyone started doing it, and now that everyone's doing it, it's easier to expect and less effective. Instead of swapping out letters for their leetspeak variants, try inserting completely random characters into the mix instead. It can be the currency sign that's unique to your country or perhaps a code that has some sort of significance to you, something that's easy for you to remember but difficult for anyone else to guess, as a part of a regular word.
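The predictable patterns described above (dictionary words, leetspeak swaps, keyboard walking, repeated digits) can be checked for when a password is chosen. The following is an added example, not part of the original video: the word list is a constructed sample of passwords named on this page, a QWERTY layout is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample list built from passwords named on this page; a real
# check would load a full breached-password list instead.
COMMON = {"password", "michael", "jordan", "jennifer", "hunter", "superman",
          "batman", "dragon", "master", "football", "baseball", "soccer",
          "arsenal", "chelsea", "liverpool", "abc123"}

# Leetspeak look-alikes mapped back to the letters they stand in for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Keyboard rows plus the diagonal columns of a QWERTY layout (assumed layout).
WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
ADJACENT = {s[i:i + 2] for s in WALKS for i in range(len(s) - 1)}
ADJACENT |= {pair[::-1] for pair in ADJACENT}  # walks can run in either direction


def longest_walk(pw: str) -> int:
    """Length of the longest run of keys that sit next to each other."""
    best = run = 1 if pw else 0
    for a, b in zip(pw, pw[1:]):
        run = run + 1 if a + b in ADJACENT else 1
        best = max(best, run)
    return best


def weaknesses(password: str) -> list[str]:
    """Return the reasons a password is predictable (empty list = none found)."""
    pw = password.lower()
    found = []
    if pw in COMMON:
        found.append("common password")
    elif pw.translate(LEET) in COMMON:
        # Undoing the look-alike swaps reveals the dictionary word underneath.
        found.append("leetspeak of a common password")
    if longest_walk(pw) >= 4:
        found.append("keyboard walk")
    if re.fullmatch(r"(.{1,3})\1+", pw):
        # One short unit repeated end to end, e.g. six sixes or 696969.
        found.append("repeated pattern")
    return found
```

An empty result only means none of these four patterns matched; it does not prove the password is strong or unused elsewhere.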

Passwords have been around since the beginning of computing, but it seems that we may be seeing the very last of them. Because the truth is, even the longest string of random characters, completely devoid of linguistic meaning that's unguessable by even the best of systems, can still be separated from the user and used at any time and from anywhere in the world. This is why in recent years, biometric verification has become more common. Every modern smartphone now comes with either a fingerprint sensor or an iris or retina scanner, sometimes both.

You can now make purchases on app stores, log into your mobile banking platforms, and even make purchases in real life without a password using these biometric methods of authentication. With these new ways of authenticating a user becoming more popular, all of which are a lot more secure than the password, slowly the world is moving to a point where we will completely abandon the use of passwords for digital security.

For now, however, the best way to protect yourself from getting your data stolen through your password is enabling two-factor authentication. Most companies now offer 2FA, and where possible, this is for sure your best bet of keeping your information safe and secure. There are three main methods of authentication: something you are, something you know, and something you have.

Two-factor authentication basically combines any two of these to verify you. Something you are is biometrics, so your fingerprint, your iris, or your retina. These are things that are in you and cannot be detached from you. Well, except under gruesome circumstances. But all things being equal, these things are who you are. They are completely unique to you and no one else can have those things except you.

Something you have is either your phone, a physical key, a token, or your SIM card. Usually, companies will send a unique code to your registered phone number to ensure that you have the SIM card that's trying to log into their service. Finally, something you know is a password. When you combine two of these three, say a fingerprint scanner and a password or a physical token and a PIN, you get the most secure type of authentication available now.

So next time you're on a website and they ask you for a password, take some time to think about it. Don't type the first thing that comes to mind because chances are, it'll just be "password," and that's like putting a closed sign in front of your house, but still leaving the front door unlocked. And I don't know about you, but I don't like unwarranted visitors. Stay safe; your life literally depends on it.

This video was sponsored by Masterworks.
