Is using your name in a password okay?

The phenomenon of personal information in passwords

It’s very common for people to use names in their passwords. It is often the user's own name, but could be the name of a parent, sibling, partner, someone who's a romantic interest etc. This phenomenon is not limited to names, but to all sorts personal information: birthdates, phone numbers, anniversaries and more.

So, should you do it?

To make it clear, you should not rely on personal information like your name or birthday to make your password secure. If personal information makes up the bulk of your password, then your password is weak, especially if this information is publicly available or deducible. Attackers are not always anonymous bots who don't personally know you; they may be someone you know. Even if not, they very often collect information about you. A competent cracker determined to crack your password you will most certainly try out different combinations of keywords associated with you, including your name.

So is using personal information in your password always bad? No, it is not always bad. If your password is already strong, adding your name or pet's name won't make it weaker, but you should not rely on that to protect you.

Why do people do it?

Why use your personal information or the information of someone close to you as your password? Well the first idea that comes to mind is memorability. Our names are easy to remember, so they make for memorable passwords, and in the day of the internet you wouldn't want to be locked out of your precious accounts because you forgot a password.

I'd argue, however, that this explanation, though true, is too simplistic and not the entire reason. One aspect people don't often discuss about passwords is the ritualistic aspect of them. Passwords are a kind of unique ritual. You're called, in a single moment, to create a word or piece of text that you'll encounter often for a possibly long amount of time, often your life. This text is secret to you (or at least is supposed to remain so), but circumstances will make it such that you will be forced to remember it. It's quite the concept.

I believe this particular aspect of passwords has led to a very interesting reality. People use passwords not just to be identified, but to communicate to themselves in the future; to store a piece of their identity in them and remind themselves of it. Convinced of the secretness of their password, people end up writing confessions, secret thoughts, the name of a crush or a soccer club they may root for. This is only a part of why the psychology and ritual aspect of passwords is so fascinating to me, and why I hope to share this fascination with you.

What's the solution?

If you find yourself using simple passwords with personal information about you because it is hard to remember complicated passwords, we highly advise you use a password manager. If you wish to enjoy the password ritual, just make sure to do so safely and add that personal information as the cherry on top, not the bulk of your password.

tl;dr

Personal information should never be the foundation of a password. If you want something memorable, add it only on top of an already strong, random password.