
“Password1” is as good as it gets. It’s simple to remember. You’ll never forget it. That is what millions of people seem to think, in those exact words, which is why it’s a problem. We have so many passwords that we are always tempted to choose simplicity (usability) at the cost of security. Google says: “make stronger passwords.” “Come up with really complicated ones, all different for different websites.” Make a list, check it twice, then make a map to the secret location where you stashed it. Don’t tell your relatives or co-workers where you put it (a large percentage of identity theft crimes are committed by people who personally know the victim).

Yet malware-infected sites do not care where you stashed your password list. Keyloggers don’t need a key to your safe; they just harvest your keystrokes. They don’t care if your password is 8 or 80 characters. If you type your password, it can be shared and it can be easily transmitted.

That’s why Tricerion champions image-based passwords. They are simple, easy to recognize and they make it impossible for the user to inadvertently disclose their security credential on a fake website. Security gets stronger when we change the paradigm, not when we do more of what already doesn’t work.