If you're a member of any website that requires a password for entry into your individual account, then sarcasmo-congratulations: chances are you really fucking suck at picking out passwords. But we're not all equally bad at it, nor is it a problem that can't be remedied with a little elbow grease.
The problem with self-assigned computer security is that 1- we're terribly uncreative about picking unique passwords that wouldn't be easy to guess for people who know us and 2- we're too lazy to remember more than, like, a few passwords, tops. From the BBC:
In this sense, [security expert Per Thorsheim] says, a good password would be a phrase or combination of characters that has little or no connection to the person picking it. All too often, Mr Thorsheim adds, people use words or numbers intimately linked to them.
They use birthdays, wedding days, the names of siblings or children or pets. They use their house number, street name or pick on a favourite pop star.
This bias is most noticeable when it comes to the numbers people pick when told to choose a four digit pin. Analysis of their choices suggests that people drift towards a small subset of the 10,000 available. In some cases, up to 80% of choices come from just 100 different numbers.
That's why most hackers don't even need to utilize fancy programs to break into user accounts; they just start with smaller sites, grab passwords, and try those passwords at other sites where the compromised users have accounts. You know, the sort of thing Mat Honan described as a "daisy chain" of passwords in this piece about his "epic hacking" from a year ago (you know the one; if it doesn't haunt you, it will). To make matters worse, according to the BBC, 70% of us reuse passwords from one site to another, so if a hacker were to guess, say, your Etsy password (YourCatsName11223), they can get onto your Gmail (YourCatsName11223) and from there change your Amazon logins and by now you're totally fucked and on the phone with a bored-sounding lady from the bank who wants to know if you authorized a purchase of 12 flat screen TVs and you're flying in like 2 days and the bank is trying to charge you $15 to rush deliver a new debit card. Messy, messy, messy.
Oddly, according to the BBC, certain subsets of humans tend to be much better at picking passwords than others. Red-headed women, for example, are the best at choosing difficult-to-guess passwords. Bearded, unkempt men are less likely to choose good passwords, probably because they've given up. Hence the beards.*
So, whether or not you're shopping this Cyber Monday (ugh, that name), today might be a good day to go through the ol' password Rolodex and make some changes. Lest you find yourself the unwitting purchaser of a giant cat-shaped beanbag chair that got shipped to North Carolina.
*Kidding. Beards are the best.