
The global Black Hat MEA community is building a more resilient future. Build it with us.
Passwords as digital rituals.
OK, so we’re going a little bit off-piste here, as we tend to do now and then. But what do your passwords say about you? Are they digital incantations – or just…broken locks?
We wrote about credential leaks on the blog this week, and the possibility that we’re close to going passwordless for good. So before that happens, let’s take a breath and consider what we’re leaving behind.
Passwords have been with us since the dawn of the internet. But their roots stretch further back, into rituals, folklore, and the psychology of secrecy. Passwords are symbols of identity and belonging and control; and like all symbols, they carry cultural baggage.
Roman sentries used passwords (or ‘a word for passage’) to grant access to military posts. Secret phrases were exchanged in whispered meetings under moonlight. Across the Middle East, traditional codes of honour and secrecy governed access to private and communal spaces – a kind of knowledge available only to those who’d earned it.
Today, most digital users have replaced ancient passwords with something like Riyadh2025!. But while the format has been digitised, the ritual is still there in the mix somewhere.
We choose our passwords. We guard them, and repeat them in private. And sometimes we share them – but only with the people we trust most.
So passwords are deeply anthropological. They reveal what we value, how we remember, and who we trust.
Most people who think they’ve come up with an original password formula are very, very wrong.
According to the FIDO Alliance, 36% of people worldwide had at least one account compromised due to weak or stolen passwords, and much of that weakness is linked to predictable patterns.
Those patterns vary across geographies and generations:
We don’t just conjure passwords out of nowhere. We encode ourselves into them – whether we’re aware of it or not.
Reusing passwords is a tale as old as time (sort of). Like oral stories passed from one generation to the next, reused passwords morph slightly with each retelling.
That old email password you made in university? Unless you’re a cybersecurity pro (we know, wrong crowd), it’s probably recycled into your current streaming, shopping, or banking logins – with a number or special character tacked on at the end.
This is what we might call digital folklore: reused, reshaped, shared in families, forgotten and rediscovered.
But folklore isn’t security. And attackers know the story. Credential attacks thrive on this folklore, testing old passwords en masse to unlock treasure chests of data.
Ready for a little self-reflection?
Think of your oldest password (or the oldest one you can remember) and answer honestly:
And yes, you can steal our quiz next time you’re talking to non-cyber pros about passwords. You’re welcome.
When we interviewed Umer Khan (CIO at Relativity Space), he told us bluntly that passwords seriously suck. Easy to guess, easy to intercept, easy to phish or crack or steal.
And when we spoke to Brett Winterford (CSO at Okta) about passwordless security, he was on the same page: “The vast majority of cybersecurity incidents stem from password-based attacks.”
As we embrace passkeys, biometrics, and phishing-resistant MFA, we’re shifting from fragile folklore to hardened infrastructure.
But this transition doesn’t erase the past. It honours it – by learning from it.