Why Birthdays & Personal Info Make Terrible Passwords
It's tempting. Your birthday is easy to remember. Your kid's name, your pet's name, your hometown—all memorable. But using personal information in your passwords is one of the fastest ways to get hacked.
In this guide, we'll explain why personal information is dangerous, how attackers exploit it, and what you should use instead.
Why Personal Information Is Dangerous
Reason #1: It's Publicly Available
Your birthday, hometown, pet names, and family members' names are often publicly available:
- Social media: Facebook, Instagram, LinkedIn list birthdays and family info
- Public records: Birthdays appear in property records, voter registrations
- Google: Search your name—personal info appears everywhere
- Data brokers: Companies sell your personal data
An attacker doesn't need to crack your password. They can simply look you up and try common combinations.
Reason #2: Dictionary Attacks Target Personal Data
Dictionary attacks use known words and patterns to guess passwords. Modern versions include personal information:
- Birth years (1985, 1990, 2000)
- Pet names (Fluffy, Bella, Max—top 1000 pet names)
- Common name combinations (John1985, Sarah2010)
If an attacker knows your birthday (easily found), they might try:
- birthday
- yourname1985
- 1985yourname
- 19851985
- YourName1985!
Attackers have lists of millions of these combinations.
Reason #3: It Works Against Security Questions
Many accounts use security questions like "What's your pet's name?" or "Where were you born?"
If your password is your pet's name AND your security question asks for your pet's name, an attacker only needs one piece of information to compromise both.
Reason #4: Passwords With Personal Info Are Weaker
Passwords using personal information are typically shorter and less random:
- ❌ Bad: "Sarah1985!" (9 characters, predictable)
- ❌ Bad: "BirthdayBaby2010" (16 characters, but all dictionary words)
- ✅ Good: "k9#mL2$xQ&vP4@rT" (16 random characters, no personal info)
Real-World Example: How It Gets Exploited
Scenario: You sign up for a website with the password "Jennifer1988" (your name + birth year).
- The website is hacked, and your password hash is stolen
- An attacker looks you up on Facebook and sees your birthday: 3/15/1988
- They try variations: Jennifer1988, jennifer1988, 1988jennifer
- One of them matches. Your account is compromised.
- If you reused this password elsewhere, all those accounts are compromised too
What Personal Information Is Dangerous?
Avoid putting these in your passwords:
- Birth date: 1985, 03/15, March15
- Your name: John, Sarah, JSmith
- Family names: Spouse, kids, parents
- Pet names: Fido, Fluffy, Bella
- Hometown: NewYork, Boston, Denver
- Anniversaries: Wedding dates, relationship milestones
- Favorite sports teams: Cowboys, Yankees, Lakers
- Phone numbers: Your number or family members' numbers
- Any other publicly available info
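A signup form or password audit can enforce this list automatically. The check below is an added example, not code from this site or from any product it mentions: it flags a password that contains a field from the user's own profile, including look-alike spellings and the date formats listed above. The profile values, field labels and function names are constructed for illustration.

```python
import re
from datetime import date

# Undo common look-alike substitutions ("J3nn1f3r" -> "jennifer").
LEET = str.maketrans("@431!0$57", "aaeiiosst")
MONTHS = ("january february march april may june july august "
          "september october november december").split()

def squeeze(text):
    """Drop separators so "03/15" and "New York" compare as "0315", "newyork"."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_tokens(profile):
    """Map each checkable string derived from the profile to its field label."""
    tokens = {}
    for label, value in profile.items():
        if isinstance(value, date):
            month = MONTHS[value.month - 1]
            forms = [f"{value.year}", f"{value.month:02d}{value.day:02d}",
                     f"{value.day:02d}{value.month:02d}",
                     f"{month}{value.day}", f"{value.day}{month}"]
        else:
            parts = re.findall(r"[a-z0-9]+", value.lower())
            forms = parts + [squeeze(value)]
        for form in forms:
            if len(form) >= 3:          # shorter tokens match by accident
                tokens[form] = label
    return tokens

def find_personal_info(password, profile):
    """Return the set of profile fields that appear inside the password."""
    plain = squeeze(password)
    unleeted = squeeze(password.lower().translate(LEET))
    return {label for token, label in personal_tokens(profile).items()
            if token in plain or token in unleeted}

# Constructed profile, reusing names and dates from this article's examples.
PROFILE = {"name": "Jennifer Smith", "birth date": date(1988, 3, 15),
           "pet": "Fluffy", "hometown": "New York"}

if __name__ == "__main__":
    for pw in ("Jennifer1988", "J3nn1f3r!", "fluffy-03/15", "k9#mL2$xQ&vP4@rT"):
        print(pw, "->", sorted(find_personal_info(pw, PROFILE)) or "no match")
```

A password that passes this check is not automatically strong; the check only rules out the personal-information patterns described in this section.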
Why People Still Use Personal Information
If it's so bad, why do people do it?
- Easy to remember: You don't have to write it down
- Feels personal and secure: "No one will guess my kid's name"
- It hasn't been hacked...yet: False sense of security
- No better alternative: People don't know what else to do
All of these reasons are understandable. But they're all wrong.
The Solution: Random, Strong Passwords
Instead of personal information, use:
- Random characters: 16+ characters mixing uppercase, lowercase, digits, symbols
- A password manager: Generate random passwords and store them securely
- Passphrases: Random words in random order (correcthorsebatterystaple)
Good passwords have no connection to you:
k9#mL2$xQ&vP4@rT
correcthorsebatterystaple
spaghetti-monkey-typewriter-42
7<Nz#pK@9$mQ2wR
These have nothing to do with your life. An attacker can't guess them by knowing you.
What About Memorable Passwords?
If you absolutely must remember a password (like your master password for a password manager), use a passphrase:
- ❌ Bad passphrase: "MyDogFluffy2010" (personal info)
- ✅ Good passphrase: "correcthorsebatterystaple" (random words, no personal connection)
Passphrases are long, memorable, and have no connection to your personal life.
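The two kinds of password recommended above, generated the way a password manager would, with a measure of how hard each is to guess. This is an added example, not StrongPass code: the function names are hypothetical, and the 16-word list is constructed and far too small for real use, as the entropy figures show.

```python
import math
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)            # 94 printable ASCII symbols

# Constructed 16-word list, for illustration only. A real generator draws
# from a list of thousands of words (diceware-style lists hold 7776).
WORDS = ["anchor", "biscuit", "cactus", "domino", "ember", "fossil",
         "glacier", "hammock", "igloo", "jigsaw", "kettle", "lantern",
         "magnet", "noodle", "orbit", "pebble"]

def random_password(length=16):
    """Random password containing all four character classes.

    secrets (not random) is used because it draws from the operating
    system's cryptographic random source.
    """
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw                   # otherwise redraw the whole password

def random_passphrase(words=WORDS, count=4, sep="-"):
    """Join `count` words, each picked independently and uniformly."""
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform draws from the pool."""
    return picks * math.log2(pool_size)

if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(ALPHABET), 16):.1f} bits")
    print(random_passphrase(), f"{entropy_bits(len(WORDS), 4):.1f} bits (toy list)")
    print("4 words from a 7776-word list:", f"{entropy_bits(7776, 4):.1f} bits")
```

The entropy figure holds only when every character or word is chosen by the generator; a passphrase built from words you picked yourself does not get it.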
Best Practices
- Never use personal information in passwords. Ever.
- Use a password manager. It generates and stores strong passwords for you.
- If you must remember a password, use a random passphrase. At least 4 words, completely random.
- Don't reuse passwords. Each account needs a unique password.
- Change security question answers. If a site asks for your pet's name, give a fake answer and store the real one in your password manager.
Bottom Line
Birthdays, names, and personal information make passwords weaker, not stronger. They give attackers an easy path in. Use random, strong passwords generated by a password manager instead. Your accounts will be dramatically more secure.
Want to generate strong passwords? Use StrongPass to create random passwords that don't contain any personal information.