Password Psychology: Why Do We Pick Bad Passwords?

Password Psychology mind puzzle

Even after reading about the data breaches in the news and recommendations on websites about how to create a strong password, many consumers are still creating bad passwords. Password psychology gives us some insight into why people change their passwords and why they use bad passwords.

The main reason that people change their passwords is because they don’t remember their old one. Using password psychology, we can determine that your personality will help dictate the types of password you will pick. While your personality type does not control your behavior, it will allow you to rationalize having poor password methods.

Password Psychology and Personality Types

For Type A personalities, their password behavior is derived from their desire to be in control. Even though they will use the same password more than once, their beliefs are that they are not at risk because they take a proactive approach in selecting their passwords. Type A personalities will frequently reuse passwords because they want to make sure they remember them. Because they are detail oriented, they will usually have a way of remembering these passwords and 2/3 are proactive to keep their personal information secure.

For type B personalities, they believe that their accounts are not worth the hacker’s time and therefore convince themselves that their bad password habits are acceptable. In fact, 45% think their accounts are not valuable enough to be hacked, and 43% will pick a bad password based upon the fact that it is easy to remember.

Are We Really Using Bad Passwords?

In 2012, the networking site LinkedIn was hacked and 167 million accounts were compromised along with 117 million passwords. While the passwords were encrypted, some researchers at LeakedSource were able to decrypt them. Here are some of the most popular, courtesy of

Bad Password

  • 123456 was used 753,305 times
  • linkedin was used 172,523 times
  • password was used 144,458 times
  • 123456789 was used 94,314 times
  • 12345678 was used 63,769 times
  • 111111 was used 57,210 times

The list goes on and on with bad passwords that contain series of numbers, people’s names, pet names, and more. Using password psychology, we understand the reasoning behind why people pick bad passwords.

The reality is that every password needs to be secure and it needs to be something that you can remember. Here are a few tips you can use to create a strong password:

  • Make your password longer than eight characters
  • Use uppercase, lowercase, numbers, and special characters like $@!&*/?
  • Do not use words or dates that are related to you (i.e. family members, your son’s birthday, a pet’s name, etc.)
  • Instead you can use combinations of words that have numbers, special characters, and capitalization mixed in. Misspelled words that do not exist in a dictionary are also a good idea
  • Creating a password based on a phrase that you can remember is an easy way to create a strong password

Example: The phrase “I will go to the store every Friday at three” could translate to “Iwg2tseFa3!” using the first letter (or a number for the letter) of each word. This way, you can memorize the phrase instead of the password.

While password psychology does give us some good indications as to why we pick the passwords we do, it’s up to us to use our free will to create passwords that secure our information and protect ourselves, our families, and our businesses.