Stripping girls don't guarantee secure passwords

Filed Under: Privacy

On the face of things, human nature being what it is, it sounds like it might actually work.

Encourage people (well, let's be honest.. guys) to use stronger, more secure passwords by incorporating a graphic of a stripping woman.


The idea dreamt up by the developers at Platform45, and as explained by the chaps at TechEye, is that users are rewarded for choosing strong passwords by displaying a pixelated image of a woman who strips off more clothes the better the password.

Before you start imagining that this might be somehow titillating, check out the animated graphic I made:

Animation of password being entered

Yes, this stripping woman is definitely a throwback to the 8-bit era of computing.

My beef with the idea is not whether the idea is chauvinistic or not, but rather whether it really helps with security.

A pixellated stripper might be enough to encourage you to use a more secure password - but does she take her clothes off too easily?

I tried a series of passwords on Naked Password's demo page, only to be mightily let down by how easily the woman could be encouraged to strip down to her undies and beyond.

For instance, a dumb password such as "123456789" was enough to get her topless - but I certainly wouldn't suggest that that is a strong or sensible password for anybody to use.

The idea of "Naked Password", therefore, may cause some wry smiles in IT departments - but don't rely upon it as a sensible way to encourage your staff to use better passwords.

If you do want to encourage more sensible password choices, watch this (non-naked) video I made describing how to choose a hard-to-crack password that's easy to remember:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like.)

, , , , ,

You might like

5 Responses to Stripping girls don't guarantee secure passwords

  1. snipe · 1681 days ago

    Chauvinistic or not, I think it's hilarious. And really, the question of whether or not it actually helps makes passwords stronger just goes back to the code powering it. Tweaking the code so that it requires some level of entropy (so that she doesn't take anything off for 123456789, etc) wouldn't be that difficult, similar to the way the more sophisticated javascript "password strength indicators" work.

  2. Bruce · 1680 days ago

    If you can explain method that to my mother in law then most people can use it. All you are promoting is for the user to write them down, basically moving the security to the user.

    Why not just have them enter the full sentence
    I do a 24+ character password that is a sentence, think about a high school sweet-heart and describe what you did, the more sexual the better.
    You won't write it down nor forget it.
    you will smile each time you enter it and most importantly you won't tell anyone what it is.

  3. I have Xampp for testing WordPress files and theme files installed on my computer, for my website and because I use the same machine also for banking I take security absolutely seriously. Thanks for the help info and for rising the awareness.

  4. etil · 1677 days ago

    I made an open source password generator using Microsoft Online Safety algorithm to check password strength. Source and application is available here :

    Might help that poor stripper from getting cold :)

  5. lolol · 1666 days ago

    When i just put in a random password with symbols, she took all of her clothes off.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley