Human Tendencies and Cybersecurity

When choosing numbers, humans tend to choose certain types of numbers, such as prime numbers, more often than other kinds of numbers, a fact that affects the way humans choose passwords and other security-related features.

For example, choose a number between 1 and 20. Is it 17? If you’re like an unexpectedly large percentage of people, that's the number you picked. If you didn’t choose 17, the odds are that you probably chose another prime number instead -- most likely 7, 13 or 19, in that order. Which brings up another pattern: humans also tend to pick odd numbers more frequently than even numbers.

Cognitive Daily posted earlier this year the results of an online poll with 347 respondents, who picked seventeen 18 percent of the time. A computer random number generator picked it less than 5 percent of the time.

People also gravitate toward prime numbers because they seem more random. Humans pick prime numbers about 60 percent of the time, compared to a computer, which picks prime numbers about 40 percent of the time.

Since random numbers are an element of cybersecurity, it would be risky to rely on humans to generate the numbers. Human choices follow a fairly predictable pattern.
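To put a number on that risk, here is an added example (not part of the original post) that compares a human-style sample with picks from Python's `secrets` CSPRNG, measuring how often a single best guess succeeds and whether the picks pass a chi-square test for uniformity. The `HUMAN_PICKS` counts are constructed to match the figures quoted above, and the helper names are assumptions made for illustration.

```python
import math
import secrets

PRIMES = {2, 3, 5, 7, 11, 13, 17, 19}
CHI2_CRIT_19DF = 43.82  # chi-square critical value, 19 degrees of freedom, p = 0.001

# Constructed sample, NOT the poll's raw data: 347 picks shaped to match the
# figures quoted in the post (17 chosen about 18% of the time, primes about 60%).
HUMAN_PICKS = {
    1: 6, 2: 8, 3: 20, 4: 12, 5: 15, 6: 11, 7: 40, 8: 13, 9: 10, 10: 9,
    11: 14, 12: 15, 13: 28, 14: 12, 15: 16, 16: 12, 17: 62, 18: 12, 19: 21, 20: 11,
}

def guess_rate(counts):
    """Probability that an attacker's single best guess is correct."""
    return max(counts.values()) / sum(counts.values())

def min_entropy_bits(counts):
    """Min-entropy: bits of unpredictability against the best first guess."""
    return -math.log2(guess_rate(counts))

def prime_fraction(counts):
    """Share of all picks that landed on a prime number."""
    return sum(n for v, n in counts.items() if v in PRIMES) / sum(counts.values())

def chi_square_uniform(counts):
    """Chi-square statistic against a uniform distribution over the keys."""
    expected = sum(counts.values()) / len(counts)
    return sum((n - expected) ** 2 / expected for n in counts.values())

def csprng_picks(n, lo=1, hi=20):
    """Draw n numbers in [lo, hi] from the OS CSPRNG and tally them."""
    counts = dict.fromkeys(range(lo, hi + 1), 0)
    for _ in range(n):
        counts[lo + secrets.randbelow(hi - lo + 1)] += 1
    return counts

def report(label, counts):
    chi2 = chi_square_uniform(counts)
    verdict = "biased" if chi2 > CHI2_CRIT_19DF else "consistent with uniform"
    print(f"{label}: best guess hits {guess_rate(counts):.1%}, "
          f"min-entropy {min_entropy_bits(counts):.2f} bits, "
          f"primes {prime_fraction(counts):.1%}, chi2 {chi2:.1f} ({verdict})")

if __name__ == "__main__":
    report("human (constructed)", HUMAN_PICKS)
    report("secrets.randbelow", csprng_picks(20000))
```

A uniform pick from 1 to 20 carries about 4.3 bits of min-entropy; the human-style sample carries about 2.5, because guessing 17 first succeeds nearly one time in five.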

Hat tip: Bruce Schneier’s blog (which also links to this funny Dilbert cartoon) and