What do the words “dragon,” “baseball” and “pussy” have in common? They all regularly appear on lists of the most commonly used computer passwords. They make the grade year after year because dragons, baseball and pussies (meaning cats, of course) are all things that people like. Human sentimentality is the enemy of internet security, which makes banks’ obsession with knowing our first pets’ names and the streets we grew up on seem counterintuitive; these are words that stick in our mind, but they are not reliable gatekeepers.

In a study of the psychology of password selection, Helen Pet-rie, professor of human-computer interaction at the University of York, undertook a survey of 1,200 British computer users and established four main password personality classifications: family-oriented (words connected with family, partner or pet); fans (the names of celebrities, athletes other idols); fantasists ( “sexy,” “stud”) and finally cryptics, who opt for a random string of numbers, letters and symbols. Only 10 percent of those surveyed were classed as cryptics because it turns out that most of us opt for convenience over actual security—and something is more convenient when it carries enough emotional resonance that it can be easily remembered. “People take a nonnatural requirement imposed on them, like memorizing a password, and make it a meaningful human experience,” computer scientist Joseph Bonneau told The New York Times in 2014 when the paper published an article on password selection.

It included anecdotal examples ranging from a man who successfully used motivational mantras to help him achieve personal goals (quit@smoking4ever) to a runner with the password 16:59—her target time in the 5,000-meter track event. The average computer user regularly accesses 28 online accounts. Given the increasingly frequent imperative to add numbers, symbols and uppercase letters, are we fast approaching a future where we all have to simply embrace being cryptics? Security’s gain would be a human loss; many of us use passwords as an opportunity to articulate something truly private, perhaps something that might never have been uttered otherwise. A truly impenetrable password reveals nothing of the mind of its creator.