Mark H. sends this one in: “It’s clear that this protects passwords from others, since she neither writes them down nor remembers them. But it would seem like they are also protected from her, hence useless. Maybe she has to use the ‘forgot password’ routine each time, and so the password is never the same?”

According to NordPass, the most common passwords are still the most useless ones:

The same day Mark H. sent that in, there were two other password comics in my feed. These aren’t really synchronicities, because the jokes are all different, but why not pretend it’s National Password Day? (That’s actually the first Thursday in May.)


I worked at a company where every few weeks, a new 7-letter password would be automatically randomly generated for you. Well, maybe randomly. A colleague had gotten into a tiff with the head of IT, and his next password ended with 3 letters of his first name. The first 4 letters were an expression not allowed on vanity license plates. He was convinced there was nothing “random” about it. And, knowing the head of IT as I did, I’d bet he was right.
“But it would seem like they are also protected from her, hence useless.”
Yeah, I think that’s the joke. Not the funniest, but relatable.
“Maybe she has to use the ‘forgot password’ routine each time, and so the password is never the same.”
I have a few sites/apps that I hit at most a few times a year but don’t play nicely with Google password manager. I admit I don’t even try – I just reset every time. That’s probably why I find it relatable.
I’ve graphed it, and at the rate we’re going, by 2027 we’ll be spending 100% of our time entering/resetting passwords and 2FA values. Very sad. And yes, I know NIST no longer recommends periodic password changes; alas, other standards that have teeth, like PCI DSS, still do, so the practice persists.
As for Mom’s passwords, I liked it. Slightly illogical but the spirit works for me!
For Findings #4 they should change the o to zero.
I’m a bit happier. My [large tech company] employer changed from 90-day passwords to 1-year passwords a couple years ago.
For some sites, like this one, passwords only serve the sysop, not the user. There is absolutely zero security risk from someone getting my WordPress or GoComics password. For sites where it does matter, I have a scheme with a phrase I can easily remember, slightly modified for each such site. If I had to use random passwords, I’d just have to write them on paper or in a computer file, thereby making them pretty useless.
Robert gets upset that I keep my passwords in my old cell phone – he says I have to have them written down in hard copy or I will lose them. (Old cell phone backed up to my backup drives.)
Then again, he went to do something with my current cell phone for me and we could not sign in to do it – I did not have the password as he had not given it to me when he set it up when I got the cell phone!!