Cracking the code of security February 28, 2021 Setting passwords is a chore. You know to avoid choosing your dog’s name, or your grandma’s birthday. But then you’re faced with website constraints. It labels you ‘weak’ and demands a number. You insert a ‘1’ at the end of your simple word. A ‘123’ if you’re feeling particularly adventurous. Insistently, the website now requires a ‘special character.’ Unsure of any others, you add an exclamation mark. Your password is as secure as Alcatraz. Right? Actually, your security could be hacked in a couple of seconds. Websites insist on a host of requirements for passwords in an attempt to increase strength and reduce hackability. Considering hackers are well aware of these, it can be counterintuitive. Behavioural security studies conducted by software researchers Florenico and Herley in 2007 also suggest that if there are too many constraints, users feel overwhelmed and subsequently create the simplest possible password to meet the demands.