Passwords. We need them. We can't remember them. That's why more of us than you'd think resort to easy ones: password1, 123456, or princess. Or we try to get all creative, like corvette1983.
Mauricio Estrella, an associate creative director in Shanghai, developed a unique way to create and remember passwords. He used a personal goal, with a power of positive thinking twist, as his password.
It started while he was grappling with anger from his divorce; he channeled that feeling into the password Forgive@her, which he typed daily for a month. He realized his rage melted away. So he tried a new one, QuitSmoking4Ever, and it worked. While not every password goal succeeded he kept creating positive passwords, repeating the mantra daily until time to change it.
“I thought the idea was clever enough, so it pumped me to continue trying it," Estrella told TODAY. "I saw it as an experiment at first, and I actually had little hopes of it working. It was a very dreamy concept, but somehow, in the back of my head, there was a voice telling me it would work. And it did.”
Psychologist Ann Kearney-Cooke of the Cincinnati Psychotherapy Institute says this is a great way to spark a change, such as getting in shape.
“He took control of his life. He realized [he had] this negativity, this anger about what happened and he turned it around,” she says. “These passwords, you’re going to use them a few times a day and they are suggesting focusing on something different.”
If people want to change, save for a trip or quit smoking, for example, Kearney-Cooke says writing the goal down daily or changing a password will help them modify their habits. But the goals need to be realistic. Even Estrella admits his goal to lose weight — Eat2times@day — might have been unrealistic.
“I think some of my monthly goals were more evident and urgent than others. Losing weight was not gonna happen in a month, so I knew from the beginning there was gonna be an offset between the password lifetime and the goal lifetime,” he says.
Estrella isn’t alone. Many of us select emotional passwords, though not always as goal-oriented.
“It is easier to remember,” says Kearney-Cooke. “Emotions drive behavior.”
Lujo Bauer studies passwords as an associate research professor at Carnegie Mellon University. He understands why Estrella created the passwords he did. Everyone has so many passwords and they are tough to remember.
“You try to pick something that comes to mind easily so you pick something you like,” says Bauer.
Lots of people pick family members’ names, lyrics to a favorite song or a line from a book.
“When we see these big breaches, one of the top 10 is always ‘princess.’ … [We] see lots and lots of names,” says Chester Wisniewski, senior security analysis at Sophos.
Using a password as positive reinforcement may help you save for a dream vacation, but it's not necessarily the safest as far as security. Some of Estrella’s passwords aren't very strong against cracking.
“They’re not particularly great passwords, which he admits at the end,” Wisniewski adds.
Bauer elaborates: “He’s using a symbol where he would use a space or he is turning a letter into a digit and those are both standard practices.”
People trying to crack passwords would first try to change the "for" in QuitSmoking4Ever to "4" and try to capitalize the first letter of each word.
On the plus side, many of Estrella’s passwords are long, which researchers find thwart attackers from stealing passwords. And, using a story or a goal certainly helps jog the memory.
Jeremiah Blocki, a postdoctoral fellow at Carnegie Mellon University, has been using stories to help people remember random strings of letters for a password. He asks people to memorize a story about Bill Gates swallowing a bike on the beach, for example, and from that a user would remember a few letters that go into the password.
“In some ways it is the inverse of what my research is focused on,” Blocki says. “He’s using the fact that he has to type in his password every day to remind him of something important … it’s a cute idea.”