Understanding how users choose passwords: analysis and best practices
Alessia Michela Di Campi; Flaminia Luccio
2024-01-01
Abstract
In an era where digital services and password-protected platforms are becoming ubiquitous in various aspects of our lives, from healthcare technology to home environments, security has emerged as a paramount concern. To remotely access these devices, users must go through an authentication process, which typically involves the use of passwords. These passwords must meet two essential criteria: usability and security. Usability implies that passwords should be easy for users to remember and use. Security requires that passwords be resistant to unauthorized access. This study aims to investigate potential links between human behavior and password selection, as well as users’ perceptions of password security. To address this issue, we analyzed multiple data leaks and surveyed 217 users across various age groups and backgrounds. Data analysis reveals that, regardless of educational or professional background, most people tend to opt for simple, easily guessable passwords. Surprisingly, users with a technology background chose the weakest passwords. Based on the results of our analysis, we propose recommendations for both users and IT professionals. These suggestions can help users create stronger passwords and help IT professionals formulate effective access policies.