Individuals generally have the responsibility of creating their own passwords on an e-commerce site. As users attempt to create a password that they can remember, they often create one that others can easily guess. This situation can also create another paradox, where the user cannot remember their password in their quest to create an unpredictable one. This paper examines what passwords were created by users on an e-commerce site, their gender, into what categories they appear, and how their choices could be identified through a software cracking program. This paper also addresses the security of users’ password choices in comparison to positive password actions suggested by security experts. The results of this study could assist both consumers and e-commerce sites in recognizing and recommending secure password choices and policies.