Hollywood portrays hackers as superpowered math geniuses who can intimidate computers into giving them whatever they want through intense keyboard mashing. Even outside of movies, they are feared as something like mysterious and powerful wizards -- the infamous hacker Kevin Mitnick was ordered to never use any networked technology more advanced than a pay phone, for fear that he could whistle a tone that would start a nuclear war.
But in reality, almost every "hacking" exploit that you hear about compromising some database or other is done with very simple methods that, many times, require no computer at all.
They can do that because our computers aren't secure, and never will be, thanks to the fact that ...
5Our Brain Remembers Passwords Only if They Are Words
The four most common passwords (according to Mark Burnett's 2005 book Perfect Passwords) are "1234," "123456," "12345678" and "password." (The fifth is "pussy" -- No, really.) On the next level of password caution, you'll find something like "dolphins." ("It's because I really like dolphins!")
Unfortunately, dolphins are notoriously terrible at information security. Hence their defeat in the Great Orca War.
Yet if you ask a website to generate a password for you, you'll get something like Yzivlq$0X?9. The difference is that most humans can't memorize much beyond seven digits unless there's some other meaning attached to help us remember. So we have to use an actual word instead of random character strings; otherwise, we'll never retain it.
The problem is that even if you use an uncommon word (such as "adelphogamy"), you are making it massively easier for a bad guy to guess your password. The average new computer can guess 10 million passwords a second. For reference, the unabridged Oxford English Dictionary lists about 600,000 words, and the average adult knows a fraction of that.
That means if your password is a word or even one of thousands of common names, an attacker can have your password faster than hands can type it. Even if you add a number to the end of the word, like "hunter2" or "entropy9," you've only increased the time it takes to crack to half a second.
It's not hard to make a secure password, one that's not a word and is reasonably long but still is easy to remember and quick to type. Take a phrase you know by heart, such as "Every Halloween, the trees are filled with underwear; every spring, the toilets explode." Now, type out the first letter of every word in that phrase, picking different letters or adding punctuation wherever feels natural for you, resulting in a password like "eHttRfwu;estte." By using something that isn't a word and never has been, you're increasing the pool of necessary guesses exponentially.
But even then ...
"I_love_golf" is an easy password to crack. "I_love_women_with_no panties_teeing_off_on_my_face_while_gophers_finger_my_asshole" is a little harder for robots to guess.