Password Psychology: Why Do People Still Use Weak Passwords?


Users often view passwords as a nuisance, and creating them feels like a waste of time. Because of this mindset, they skip security best practices and fail to create different, protective passwords for their accounts. There is psychology behind this phenomenon, as well as some tips to keep in mind to ensure good password security.


Optimism Bias

Optimism bias occurs when people believe they’re not at risk of threats targeting them. A common misconception they may have is that their information is not valuable enough to steal because they have nothing to hide. This leads to weaker passwords and an increased threat to their account security.

Cognitive Load Reduction

Human brains naturally seek shortcuts. Remembering a lot of passwords can be overwhelming, so familiarity bias sets in: people recycle passwords across accounts so they don’t have to recall a unique, complex password every single time they log in. The obvious issue is that once a hacker discovers one password, they can use it to log into every account that uses it.

Risk Assessment

Another issue is that users don’t think the risk of a security breach is very high or don’t understand the severity of the threat. Distant threat fallacy occurs when people don’t take a warning seriously because the danger feels far away.

It also plays into a denial of consequences, which is when people don’t adjust their passwords until after a breach has happened. Only then do they understand the danger.

Habit of Convenience

Humans are known to seek instant gratification, and simple passwords provide this by saving time when creating an account. People also get frustrated when a site has lots of requirements, like length, special characters and more. It feels like a hassle, so whenever they get the chance, they create a password that is easier to remember. Another roadblock is autopilot behavior, where users want only quick access to their account and are not concerned with security.

Lack of Awareness

There is also a lack of awareness surrounding password creation. Most applications and websites require users to make accounts, so users often don’t take much care in choosing a password. They’re essentially numb to the security risks.

Personality Types

Type A and B personalities respond to password creation differently, but they can end up with the same simple passwords. Type A people may choose easy passwords to maintain a sense of control, whereas Type B people could just do it because it’s easy. Regardless, both groups make passwords that are easy targets for hackers.

The Need for Increased Security

In 2024 and 2025, the most common password was “123456”, and “password” came in fifth place. Although users have often been warned of the dangers of using simple, common passwords like these, the rate of their use remains high.

Almost everything is accessible online nowadays, making passwords an increasingly desirable target for hackers. Phishing attackers — or hackers who use human behaviors to gain access to sensitive information — are just one of the many different types of threats to online security today. Considering these kinds of hacks appeared in 36% of breaches in 2021, it’s important to be aware of the possibilities when creating passwords.

Tips for Better Password Practices

Below are some helpful best practices when creating passwords to reduce the risk of a hacker breaking in:

  • Use a password generator. Using symbols and numbers in passwords is a good idea because it makes them more difficult to guess. Password generators can help.
  • Never use the same password for more than one account. Keeping every password unique makes it harder for hackers to access every account once they’ve hacked one, which lowers the risk of them discovering more sensitive information.
  • Use a password manager. Password managers provide a place to store login credentials to eliminate the need to remember every single one. Some even sync across devices, making it easier to grab passwords quickly. 
  • Create a password policy. Password policies are rules users follow when creating passwords, such as blocking certain words that are too closely tied to their own lives and are therefore easier to guess.
  • Have tools to recall passwords. Some people choose letters with easy associations to help them remember a password. They also create passphrases, which are words that are easy to remember but harder to guess.
  • Turn multi-factor authentication on. Once users log in, this is an extra step that asks them personal questions or sends a notification to another device they previously logged into to ensure they own the account they’re trying to get into.
  • Do not share passwords with people. This may seem like a no-brainer, but people still do it.

A Secure Account

Passwords are a serious and important part of making an account. Users must be aware of the issues they experience during their creation and overcome them to make complex passwords no hacker can guess. This increases the account’s security and limits hackers’ access to sensitive information.


As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.

