Security in the digital realm can seem very abstract. Anytime you lock up something in the physical realm, you have a tangible object to be locked up, an equally tangible lock, and the key for that lock. The key can be physical or not – contrast a key you slide into a door lock with a series of numbers in combination that opens the chain lock around a bicycle. In the digital realm you secure data, or stored information. The lock itself is a computer algorithm. The key is a series of numbers, letters, and symbols known only to you. Each of the digital components of security is more abstract than its physical counterpart, with the possible exception of the key, which we can conceptualize as a combination for a combination lock.
However, digital security uses economic principles which are very similar to those used by physical security. In both cases, the foundation of the security is to provide two disincentives to potential thieves: first, make it difficult to take your stuff by locking it up; second, reduce the perceived payoff for successfully breaking your lock. How well your security measures work depends on how well it performs each of these tasks.
For example, having a single, simple password shared among all of the computers and computer users in a household provides a weak level of security. A simple password, such as a short word out of the dictionary, is relatively easy to “break” using brute force – trying each word in the dictionary, for example. The payoff in this situation is also larger than it could be, since that single password is all that is needed to provide access to several systems and several users’ data on them. Overall, this is very much like using a single cheap bike lock to lock up the whole family’s bikes; a little brute force with a bolt cutter later, and all the bikes are gone.
This is why security professionals advocate difficult passwords that combine letters, numbers, and symbols; it’s why they say passwords should be changed often and should never be shared. If your lock is sufficiently difficult and time-consuming to break and it protects a small enough set of information, the payoff won’t be worth the time and the risk – and your potential thief will look elsewhere.