It’s easy to crack your password



We all know cyber-hackers are out there hacking websites or accounts, hoping to attack our bank accounts. A new report says our most common password is still 123456. Is it laziness or short memory that makes us so easy to hack?

A password should be a word or number that a professional hacker cannot crack. The modern lifestyle demands of us an apparently endless series of trivial choices, not the least of which is the need to make up a password for your hundred-and-something web accounts. Who can be bothered to make up and memorise yet another twisty bolus of alphanumeric rubbish? Not many of us, it seems. According to a new study by Splashdata, the most common password in 2013 was "123456", narrowly followed by that faithful old standby, "password", which it is somehow charming to see still so commonly deployed. Is this sheer laziness, a lack of security education, or something else?

Some of the other popular passwords on Splashdata's list (mined largely from a giant leak of Adobe customers' details) do begin to paint an intriguing picture of our shared digital identity. Isn't it gratifying to see "iloveyou" at No 9? (Unless people are typing it to themselves, which would mean that wide use of the internet does in fact turn you into a frothing narcissist.) At No 14 is "letmein", which one can't help hearing as having an implied "goddammit" at the end. (It also jogs your memory that a "password" was formerly spoken to gain admission to secure parts of a palace or military equipment.) Somewhat unexpectedly, No 17 is "monkey"; whether out of common appreciation for our simian cousins or a hitherto unsuspected upsurge in the reputation of the seminal 1970s kung-fu show, it is hard to tell.

At 24 on the list, seemingly added by a lot of The X-Files fans, is "trustno1". But this looks a bit contradictory. If you really were a suspicious sci-fi fan who believed that the government was actually run by aliens, wouldn't you want a stronger password? On the other hand, if it is government prying in particular that you care about, you may think that passwords are irrelevant, since we know that the NSA and GCHQ can hack into just about anything.

But secret agents aren't the only ones looking; there are also cyber-hackers mounting complicated attacks on websites in order to hoover up IDs, credit-card details and other information. So why make it so easy for them? Tom Stafford, lecturer in psychology and cognitive science at the University of Sheffield, says: "Most people give the impression of believing there is a little risk in having weak passwords – most of us give the impression of relying on 'security by obscurity'. Obviously this isn't a clever choice as more and more of our lives are online."

It has long been known, moreover, that even when people are willing to choose a password stronger than "123456" or "admin", they tend to fall into predictable patterns. According to a 2006 study by Shannon Riley of the psychology of password creation, "users naturally use birthdates, wedding anniversary dates, telephone numbers, license plate numbers, social security card numbers, street addresses or apartment numbers, etc. Similarly, personally meaningful words are characteristically derived from expected areas and interests in the person's life and could be guessed through basic knowledge of his or her personality." That's why TV detectives can always guess that the suspect's laptop password is the name of her dog or his girlfriend.

We should be hesitant to interpret these findings as showing that ordinary internet users are simply stupid, however. The firm that compiled this list, Splashdata, sells password-management software, so it is understandable that the lesson it draws from its findings is that people should choose stronger passwords, possibly with the benign help of its own products. So why don't they?

One of the reasons might be that, since we all think that some of our accounts (Twitter or Facebook) are more important than others, we also believe it doesn't matter if we use weak passwords for YouTube or Dailymotion. But this is unsafe, since it means those services become a big target for hackers, as Adobe's did. Certainly, the rise of two-factor verification – where you need both a password and a unique code generated by your smartphone to log in – is starting to ease the password problem for services people really care about, such as e-mail or Dropbox. So it is those "non-refundable" accounts that are really the dangerous ones. This is all the more galling when one considers that, according to a 2010 study by Joseph Bonneau and Sören Preibusch, many websites use passwords "principally for psychological grounds, both as a reason for collecting marketing data, and as a way to build trusted relationships with clients" – in other words, the password is a commercially motivated placebo to begin with.

The other reason people might be driven to select such weak passwords when they can get away with it is that technology's way of offering to save us from ourselves is so frustrating. You know the drill on some websites: your password must be at least eight and at most 12 characters long, and include a mixture of upper-case and lower-case letters, as well as numbers. "For God's sake, will this do?" You are not going to remember one of those, let alone dozens.

Stafford says: "For me, passwords are a huge example of how technology asks us to be more like computers rather than computers learning to be more like us. Suggested passwords are strings of random letters, numbers and strings – exactly the thing that is easy for computers to store, and hard for humans. It's the reverse of the early dreams of mock intelligence, asking our intelligence to be more like the artificial."

As a matter of mathematical fact, a charming phrase such as "lemon Beyoncé anvil cake" is far harder to crack than "j&!Wo078:(((", because every additional character of password length increases the combinatorial possibilities. This is well known to fans of the web-comic XKCD, which has explained why a brute-force attempt to crack the password "correct horse battery staple" would take a speedy computer 550 years. (There is a fitting geek joke about this: since that cartoon appeared, everyone's password is now "correct horse battery staple".)
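The arithmetic behind this paragraph, as an added Python example (not from the article, Splashdata or XKCD): it rejects the passwords the article quotes from the Splashdata list and estimates the brute-force search space two ways. The 64-character pool for accented letters is an assumption, and the 2048-word list at 1000 guesses per second is the model used in the XKCD comic.

```python
import math

# Passwords the article quotes from the Splashdata list (not the full list).
COMMON = {"123456", "password", "iloveyou", "letmein", "monkey", "trustno1", "000000"}

def pool_size(pw):
    """Characters a per-character brute-force search must try for pw."""
    classes = [
        (26, lambda c: "a" <= c <= "z"),
        (26, lambda c: "A" <= c <= "Z"),
        (10, lambda c: "0" <= c <= "9"),
        # 33 printable ASCII symbols, space included
        (33, lambda c: c.isascii() and c.isprintable() and not c.isalnum()),
        # assumption: rough pool size for accented / non-ASCII letters
        (64, lambda c: not c.isascii()),
    ]
    return sum(n for n, test in classes if any(test(c) for c in pw))

def char_bits(pw):
    """log2 of the search space when every character is guessed independently."""
    return len(pw) * math.log2(pool_size(pw))

def word_bits(n_words, list_size=2048):
    """log2 of the search space when whole words are drawn at random from a list."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in a 2**bits search space."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def assess(pw):
    """Reject listed passwords outright; otherwise report per-character bits."""
    if pw.lower() in COMMON:
        return ("reject", 0.0)
    return ("ok", round(char_bits(pw), 1))

if __name__ == "__main__":
    for pw in ["123456", "trustno1", "j&!Wo078:(((", "lemon Beyonc\u00e9 anvil cake"]:
        print(repr(pw), assess(pw))
    # XKCD's model: four random words from a 2048-word list, 1000 guesses/s.
    print(round(years_to_exhaust(word_bits(4), 1000)), "years")
```

The per-character figure only holds against an attacker who guesses character by character. One who guesses whole words from a known list faces the smaller word-list figure (44 bits for four words), which is why the words in a passphrase need to be picked at random.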

The widespread replacement of text passwords by reliable biometrics (such as fingerprint scanners) is one of those technological promises that has been around for many years and still has not come to fruition, even though fingerprint sensors are on the new iPhone and Samsung Android phones. Meanwhile, I like to think of the millions of people choosing "password" for their password as a kind of silent rebel movement, an effective groundswell of ironic protest at the manifold laborious irritations of digital existence.

If you doubt that a simple password can be mocking, consider number 25 on the most-popular list, "000000", which has an interesting historical analogue. In the late 1970s, according to Eric Schlosser's new book about nuclear security, Command and Control, it was decided that the US air force's Minuteman nuclear missiles should all be fitted with a device requiring a code to be entered before they could be launched. In what Schlosser calls an "act of disobedience" against prissy safety concerns, the USAF set the password to "00000000" everywhere. I don't know about you, but that puts the possibility of my Facebook account being hacked into some sort of perspective.

