You need to stop listening to people telling you to use goals as passwords. It’s just plain horrible
I can’t believe to this day this gets recommended to people. Let me prove to you why it such a bad idea.
It’s Recommended All The Time
It’s crazy how much using goals for passwords gets recommended all the time on the internet. Here is just a few I got from a quick Google search.
- How a Password Changed My Life
- Use Your Password as a Motivation Technique
- Use Affirmations as Passwords
The real irony is the guy who wrote the Medium post about this now has tons of other sites talking about his password. It was even his work password and since so many people reuse passwords it could have been his bank password too. How is this a smart idea???
Reddit is the worst of them all to recommend these tips especially in their “LifeProTips.”
- LPT: Have a positive word or goal incorporated into your password algorithms.
- LPT: Have a goal that gets stymied by procrastinating online? Incorporate the goal into your device’s password.
- Change your passwords to your goals. Ex: “Be kind” “lose 20lbs” “save money”
The scary part is that many of these are websites people trust. On the surface, this seems like a great idea, but it’s not.
Goals Are Horrible Passwords
Let’s put the feel-good emotions to the side and let’s not jeopardize our security. There is nothing wrong with goals and making your life better, but those goals don’t help when you’ve been hacked, or bank account drained.
The biggest issue is that people’s goals are often the same. Everyone wants to lose weight and usually its 10 pounds.
While “lose10pounds” looks long and secure, it’s not. According to HaveIBeenPwned its been seen 16 times in breaches. Learn more about HaveIBeenPwned and how to securely check your passwords here.
Examples of goal passwords that are in breaches
- loseweight: 1,015 times
- loseweight!: 1 time
- loseweight1: 44 times
- gainweight: 16 times
- muscle: 8,084 times
- weightloss: 1,158 times
- newcar: 2,878 times
- newjob: 21,597 times
- newcareer: 1,324 times
- ihatemyjob: 485 times
- Ihatemyjob: 46 times
- ihatemyjob1: 53 times
- moveout: 241 times
- getagf: 1 time
- wantboyfriend: 2 times
- needgirlfriend: 4 times
- make100k: 39 times
- make50k: 12 times
- 10kpermonth: 8 times
- getlaid: 2,641
- makefriends: 226 times
- forgiveher: 30 times
- forgivehim: 10 times
- eathealthy: 234 times
- nomoremeat: 11 times
- savemoney: 5,975 times
- Savemoney: 81 times
- Savemoney!: 3 times
- rememberpassword: 72 times – This is my favorite.
First published in March 2019; the numbers above will increase over time.
Keep in mind HaveIBeenPwned only has the passwords to KNOWN breaches. There could exist many shared goal passwords in breaches we don’t know about yet. Many websites go years without even knowing they’ve been breached.
Another reason why goals are bad passwords is password reuse. You’ll want to be reminded of that goal all the time so you’ll use it for many accounts. If one of these accounts get breached they now can get into all accounts with that password.
Not only are you making it easier to guess the password since many people share the same goals but you’re also making it even easier to get into other accounts because you reused the password.
What Is The Worst That Can Happen?
I get this often, “I’m no one so they won’t hack me.” Now with using goal passwords, they’ll say the same thing to justify using them.
First off, you matter.
I don’t say that to make you feel better, sorry, tough love is needed here. I say it because you’re human with
They go after everyone, and the people who think no one would hack them are the ones they want. These people don’t take security seriously, so they have easy passwords. They cast a wide net to catch as much of them as possible. With enough “no-bodies” they get what they want.
What You Should Do Instead
Get yourself a password manager.
Once you have a password manager, you want to spend some time giving every account a unique password no matter how unimportant you think it is.
You also need to come up with a strong master password.
Then you need to back up that master password to a piece of paper you keep in a safe or a safe deposit box. You’re human, and it’s easy to forget. Come to think of it – all the times I’ve seen people forget their master password is far too much – then you have people wanting to use goals for passwords? What good is the goal if you’re going to forget the password?
What password manager should you get? That depends on your needs. Here are a few that I recommend you check out and see which one best suits your needs.
Note: I’m NOT paid to mention any of the password managers above. If you want my opinion go with Bitwarden as it’s free and works on most devices. If you want what I call “top of the line” go with 1Password. If you want a basic local password manager go with KeePassXC. This is just my opinions, give each password manager a shot to see which one best suits you.
What About My Goals?
The reason why people wanted to use goals as passwords is that you have to write them out often. So why not avoid the password game and just write them out on paper? No need to get fancy and bring passwords into the equation.
Set a reminder in your calendar to write out your goals.
Plan out your day and write your goals.
Keep a journal with your goals in it.
Just don’t use your goals as passwords.