We know how we’re supposed to generate passwords, but our brains just don’t work that way
You might be scrambling to come up with a new password after news Tuesday of a vicious software bug that leaves our bank information, credit card numbers, emails, passwords and other sensitive and supposedly protected information vulnerable to being exposed.
While Heartbleed’s danger lies in the fact that it can grab information like passwords and credit card information while you’re typing it in, it can also pluck usernames and passwords for decoding as well.
But while our brains are powerful and arguably more flexible than computers, there are certain things that silicon-based programming does better than the cells and nerves that make up our three-pound “hard drive.” Generating and remembering passwords is one of them.
Ideally, it’s best to have a different password for every account that contains private information: emails, bank accounts, and your favorite online shopping sites. The best passwords, we’re told over and over again, are alphanumeric, and not based on something that hackers can use as leverage to break your code, like birthdays or wedding anniversaries or addresses. Random number generators that require you to punch in a different number each time you log in are probably the best passwords around.
But practically speaking, your brain doesn’t work like that. The brain is more like a detective, using clues and prompts to pull up things from our memory banks. “The brain is designed to remember things that mean something,” says Dr. Glenn Finney, chief of behavioral neurology at the University of Florida and member of the American Academy of Neurology, and “forget things that are useless or don’t mean anything, which is the opposite of what we’re told to use in generating passwords.”
Blame evolution. Before the age of encryption and logins, nurturing irrelevant information wasn’t a benefit to survival. In fact, doing so could crowd out other, more relevant information, such as where those life-threatening tigers liked to roam.
So we’ve come to remember by association; the more salient and meaningful something is to you, the more likely you are to remember it. Not only that, but the memories that the brain stores are also malleable, modified ever so slightly by your experiences, past and present. “Items that you already learned can interfere with what you are trying to learn if there are similarities or differences between them,” says Dr. Barry Gordon, professor of neurology and cognitive science at Johns Hopkins University. “And what you are learning now can interfere with older memories in retrospect. All those factors conspire to be the exact opposite of what you want in remembering a strong password.”
Hackers know this. So if you’re trying to diffuse the next Heartbleed Bug (and you know there will be one), don’t fall back on your brain. Think more like a computer instead. You can take something that means something to you, like a phrase or favorite object, but try turning it into symbols or numbers. At least that way you aren’t fighting evolution — and the code won’t be entirely random.