Why is 3 random words as a password better than a load of random characters?



It’s not better than the same length of random characters; it’s actually a little worse, but easier to remember.

However, it is massively safer than what everyone does, which is Word[number][special character] (for example Michael1209!), mostly because it’s longer.

Because it’s easier for you to remember. To a computer trying to crack your password, the characters themselves don’t make a difference, but adding more of them exponentially increases the time it would take. Ergo, longer passwords are better, and using actual words makes them easier for a human to remember than randomly generated ones.

We struggle to remember random characters. This is made worse if you have to change passwords regularly, as some IT managers insist. A pass word (as in an actual word) is easy to remember but easier to crack with a dictionary attack. Three-word passphrases can be structured to meet all password rules and are the best of both worlds. I recommend animal colour clothing as an easy way to visualise a passphrase. Red lion shoes. Add punctuation and a number and you’ll suit the strongest rules but still be able to remember it.

Poor lion has lost one of his red shoes… easy image to recall.

It depends how many random characters you have.

There are 95 printable ASCII characters, which is more or less all the printable characters on a normal keyboard.

So the number of possible combinations for a random jumble of characters is 95 raised to the number of characters.

There are, however, over 170,000 English words in the OED. Even if we limit ourselves to the top 50% most common words (for ease of memorability), for 3 random choices that’s still 85,000 raised to 3.

We can see mathematically that you would need at least 8 random characters for your password to have more options than 3 random words.

Now 8 might not seem that long, but consider that 8 totally random unconnected characters is a lot harder to remember than just 3 words.
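The arithmetic in the answer above, worked through as an added example (not part of the original thread). It uses that answer's figures of 95 printable characters and 85,000 words, and assumes every character or word is drawn uniformly and independently; the function names and the tiny sample word list are constructed for illustration.

```python
import math
import secrets

PRINTABLE_ASCII = 95   # figure from the answer above
WORD_POOL = 85_000     # half of the ~170,000 words cited in the answer above


def entropy_bits(pool_size, picks):
    """Bits of entropy when each pick is uniform and independent."""
    return picks * math.log2(pool_size)


def min_chars_to_beat(n_words, word_pool=WORD_POOL, alphabet=PRINTABLE_ASCII):
    """Smallest count of random characters with MORE combinations than n_words words."""
    target = word_pool ** n_words      # exact integer arithmetic, no rounding
    n = 1
    while alphabet ** n <= target:
        n += 1
    return n


def min_words_to_match(n_chars, word_pool=WORD_POOL, alphabet=PRINTABLE_ASCII):
    """Smallest count of random words with at least as many combinations as n_chars characters."""
    target = alphabet ** n_chars
    k = 1
    while word_pool ** k < target:
        k += 1
    return k


def make_passphrase(wordlist, n_words=3, sep=" "):
    """Draw words with a CSPRNG; the entropy figures only hold for truly random picks."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


# Constructed sample list, far too small for real use (8 words = 3 bits per word).
SAMPLE_WORDS = ["lion", "red", "shoes", "staple", "horse", "battery", "river", "cloud"]

if __name__ == "__main__":
    print(f"3 random words:      {entropy_bits(WORD_POOL, 3):.1f} bits")
    print(f"8 random characters: {entropy_bits(PRINTABLE_ASCII, 8):.1f} bits")
    print("chars needed to beat 3 words:", min_chars_to_beat(3))
    print("words needed to match 12 random chars:", min_words_to_match(12))
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
```

The numbers apply only when the words are picked by a random process; a phrase a person chooses themselves comes from a much smaller effective pool.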

Because longer passwords are usually always better than shorter ones and CorrectHorseBatteryStaple is easy to remember, whereas 12%spiiBd$>Q-745gTmPDj#5 is really hard to remember despite them being similar lengths.