Lottery Tickets and Passwords

What in the world do lottery tickets and passwords have in common? Perhaps more than you may think.

Last week (Oct 23 2018) someone in South Carolina purchased the winning lottery ticket worth just under $1.6 billion (or if they decide to take all the money today it’s worth about half that amount). Lotteries have been around for a long time. Before the common practice of companies issuing shares of stock to raise capital, money was often raised through lotteries. In fact, the Virginia Company that funded the settlement of Jamestown, the first permanent English settlement in the Americas in 1607, raised money through selling lottery tickets in London and other British cities.

Picking numbers for a lottery ticket can be done in one of two ways. Either the consumer can select his or her own numbers, or the numbers can be randomly generated.

The psychology behind picking lottery ticket numbers is very similar to how most users create passwords. Many users will create a password that has something familiar associated with it, such as a special date (birthday, anniversary, etc.). Other users will use a common pattern, such as a keyboard combination (1QAZ-2WSX, the first two diagonal rows of keyboard keys). And some users will have a “base” password used as the foundation for all of their passwords but alter just one or two letters for each different site.

Of course, all of these techniques make it easy for attackers to crack passwords. Attackers often use dates (who hasn’t posted their anniversary on Facebook?) and known keyboard combinations as starting points for breaking user passwords.

The most secure passwords are those that, like lottery ticket numbers, are randomly generated. It’s best to use a password manager that contains a random password generator to create and then store random passwords.

While it may not win you the lottery, randomly generated passwords can help keep all of your accounts safe.