Having trouble keeping hackers from stealing your identity? Then it's too bad you weren't born a redhead.

A new study highlighted by the BBC shows that problem with self-assigned computer security is that 1- we're terribly uncreative about picking unique passwords that wouldn't be easy to guess for people who know us and 2- we're too lazy to remember more than a few passwords:
In this sense, [security expert Per Thorsheim] says, a good password would be a phrase or combination of characters that has little or no connection to the person picking it. All too often, Mr Thorsheim adds, people use words or numbers intimately linked to them.

They use birthdays, wedding days, the names of siblings or children or pets. They use their house number, street name or pick on a favourite pop star.

This bias is most noticeable when it comes to the numbers people pick when told to choose a four digit pin. Analysis of their choices suggests that people drift towards a small subset of the 10,000 available. In some cases, up to 80% of choices come from just 100 different numbers.
About 70% of us also tend to reuse passwords from one site to another. All it takes is for a hacker to guess one account to get onto your gmail.

Interestingly, the study found that certain subsets of humans tend to be much better at picking passwords than others. Specifically, red-headed women were the best at choosing difficult-to-guess passwords, The ones who were least likely to choose good passwords were bearded, unkempt men.

[BBC]