ICT Policy



City Profiles

Will Africa avoid perilously simple passwords?

October 23, 2010  »  WebNo Comment

From 2010, but applicable to Facebook and mobile banking users everywhere.


The generic password is not a uniquely African problem by any means, but is an area where Africa can potentially leapfrog the rest of the world. However, the task of imposing complex passwords is far from easy. For one, what good is a password when the user cannot remember it? Most secure banking, large social networks, and other sites that involve financial transactions generally require a 6+ character string with a variety of letters, numbers, punctuation, and cases. However, e-mail providers, personal computers, and wireless routers lack stringent standards to thwart freeloaders or nosy peers.

An analysis of a hacked list of 32 million passwords showed little change in complexity from 1999 or even 1990. Key findings were:

  • About 30% of users chose passwords whose length is equal or below six characters.
  • Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords.
  • 5 of the 10 most common passwords contained ‘123456’

Interestingly, a 2010 Inside Facebook article “Facebook Arrives in Tanzania” cites the affinity of Tanzanian youth to pick “123456” or “12345678” as e-mail passwords. In fact, the author only observed one individual not use either of these passwords (he instead chose his first name followed by the number 9 – not a great idea either).

So, maybe Africa can fight the human condition that justifies an easy-to-remember password over secure personal data. Unfortunately, the odds are against security:

  1. Remembering a password often involves writing it down – something that is not a problem if one always accesses a desktop computer at a given location, say, at home. However, Africans who rely on mobile phones or cyber cafés will face the challenge of carrying a piece of paper with the password.
  2. Much of the push for secure passwords is up to computer skills instructors. They must be diligent to not have students enter a name or simple number sequence as a password.
  3. A September blog post on Alys in Africa, written by a Peace Corps volunteer in Mboro, Senegal highlights the cultural implications with having a password at all. She writes:

Our neighbors brought in lap tops and started picking up our signal for their personal use. In an attempt to regulate this problem my predecessor, Devon, used his net savvy to put a password on the signal. This didn’t last long as neighbors would just come to the house and demand the password. Unfortunately for my family, in African culture one cannot say no. If you have something shareable you are obligated to do so.

The best ways to choose a password can be found via Google search.