Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      Djima Antaley delivers a package for Afrety in Dakar, Senegal. Ricci Shryock/Reuters

      The middlemen powering Africa’s online shopping boom

      14 July 2026
      Purple Group buys AI fintech Telescope in R177-million deal

      Purple Group buys AI fintech Telescope in R177-million deal

      14 July 2026
      Openserve launches its own ISP, rattling wholesale partners

      Openserve launches its own ISP, rattling wholesale partners

      13 July 2026
      Why eMedia's Openview Stream is skipping South Africa - for now - Khalik Sherrif

      Why eMedia’s Openview Stream is skipping South Africa – for now

      13 July 2026
      Trading rules near as Eskom tools up to compete - Dan Marokane

      Trading rules near as Eskom tools up to compete

      13 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » Why we choose terrible passwords

    Why we choose terrible passwords

    By The Conversation5 May 2017
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    The first Thursday in May is World Password Day, but don’t buy a cake or send cards. Computer chip maker Intel created the event as an annual reminder that, for most of us, our password habits are nothing to celebrate. Instead, they hope we will use this day to say our final goodbyes to “qwerty” and “123456”, which are still the most popular passwords.

    The purpose of a password is to limit access to information. Having a very common or simple one like “abcdef” or “letmein”, or even normal words like “password” or “dragon”, is barely any security at all, like closing a door but not actually locking it.

    Hackers’ password cracking tools take advantage of this lack of creativity. When hackers find — or buy — stolen credentials, they will likely find that the passwords have been stored not as the text of the passwords themselves but as unique fingerprints, called “hashes”, of the actual passwords. A hash function mathematically transforms each password into an encoded, fixed-size version of itself. Hashing the same original password will give the same result every time, but it’s computationally nearly impossible to reverse the process, to derive a plaintext password from a specific hash.

    Instead, the cracking software computes the hash values for large numbers of possible passwords and compares the results to the hashed passwords in the stolen file. If any match, the hacker’s in. The first place these programs start is with known hash values for popular passwords.

    More savvy users who choose a less common password might still fall prey to what is called a “dictionary attack”. The cracking software tries each of the 171 000 words in the English dictionary. Then the program tries combined words (such as “qwertypassword”), doubled sequences (“qwertyqwerty”), and words followed by numbers (“qwerty123”).

    Only if the dictionary attack fails will the attacker move reluctantly to what is called a “brute-force attack”, guessing arbitrary sequences of numbers, letters and characters over and over until one matches.

    Mathematics tells us that a longer password is less guessable than a shorter password. That’s true even if the shorter password is made from a larger set of possible characters.

    For example, a six-character password made up of the 95 different symbols on a standard American keyboard yields 956, or 735bn, possible combinations. That sounds like a lot, but a 10-character password made from only lowercase English characters yields 2610, or 141 trillion, options. Of course, a 10-character password from the 95 symbols gives 9510, or 59 quintillion, possibilities.

    That’s why some websites require passwords of certain lengths and with certain numbers of digits and special characters — they’re designed to thwart the most common dictionary and brute-force attacks. Given enough time and computing power, though, any password can be cracked.

    And in any case, humans are terrible at memorising long, unpredictable sequences. We sometimes use mnemonics to help, like the way “every good boy does fine” reminds us of the notes indicated by the lines on sheet music. They can also help us remember a password like “freQ!9tY!juNC,” which at first appears very mixed up.

    Splitting the password into three chunks, “freQ!”, “9tY!” and “juNC”, reveals what might be remembered as three short, pronounceable words: “freak”, “ninety”, and “junk”. People are better at memorising passwords that can be chunked, either because they find meaning in the chunks or because they can more easily add their own meaning through mnemonics.

    Don’t reuse passwords

    Suppose we take all this advice to heart and resolve to make all our passwords at least 15 characters long and full of random numbers and letters. We invent clever mnemonic devices, commit a few of our favourites to memory, and start using those same passwords over and over on every website and application.

    At first, this might seem harmless enough. But password-thieving hackers are everywhere. Recently, big companies including Yahoo, Adobe and LinkedIn have all been breached. Each of these breaches revealed the usernames and passwords for hundreds of millions of accounts. Hackers know that people commonly reuse passwords, so a cracked password on one site could make the same person vulnerable on a different site.

    So, not only do we need long, unpredictable passwords, but we need different passwords for every site and program we use. The average Internet user has 19 different passwords. It’s easy to see why people write them down on sticky notes or just click the “I forgot my password” link.

    Software can help! The job of password management software is to take care of generating and remembering unique, hard-to-crack passwords for each website and application.

    Sometimes these programs themselves have vulnerabilities that can be exploited by attackers. And some websites block password managers from functioning. And of course, an attacker could peek at the keyboard as we type in our passwords.

    Multi-factor authentication was invented to solve these problems. This involves a code sent to a mobile phone, a fingerprint scan or a special USB hardware token. However, even though users know the multi-factor authentication is probably safer, they worry it might be more inconvenient or difficult. To make it easier, sites like Authy.com provide straightforward guides for enabling multi-factor authentication on popular websites.

    So, no more excuses. Let’s put on our party hats and start changing those passwords. World Password Day would be a great time to ditch “qwerty” for good, try out a password manager and turn on multi-factor authentication. Once you’re done, go ahead and have that cake, because you’ll deserve it.The Conversation

    • Megan Squire is professor of computing sciences, Elon University
    • This article was originally published on The Conversation
    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleDiscover Digital takes on media’s big boys
    Next Article How Takealot will spend the Naspers millions

    Related Posts

    How Paratus and Eutelsat are connecting Southern Africa's mines

    How Paratus and Eutelsat are connecting Southern Africa’s mines

    14 July 2026
    Djima Antaley delivers a package for Afrety in Dakar, Senegal. Ricci Shryock/Reuters

    The middlemen powering Africa’s online shopping boom

    14 July 2026
    Purple Group buys AI fintech Telescope in R177-million deal

    Purple Group buys AI fintech Telescope in R177-million deal

    14 July 2026
    Company News
    How Paratus and Eutelsat are connecting Southern Africa's mines

    How Paratus and Eutelsat are connecting Southern Africa’s mines

    14 July 2026
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    How Paratus and Eutelsat are connecting Southern Africa's mines

    How Paratus and Eutelsat are connecting Southern Africa’s mines

    14 July 2026
    Djima Antaley delivers a package for Afrety in Dakar, Senegal. Ricci Shryock/Reuters

    The middlemen powering Africa’s online shopping boom

    14 July 2026
    Purple Group buys AI fintech Telescope in R177-million deal

    Purple Group buys AI fintech Telescope in R177-million deal

    14 July 2026
    Openserve launches its own ISP, rattling wholesale partners

    Openserve launches its own ISP, rattling wholesale partners

    13 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}