We struggle to remember random characters. This is made worse if you have to change passwords regularly as some IT managers insist. A pass word (as in an actual word) is easy to remember but easier to crack with a dictionary attack. Three word pass phrases can be structured to meet all password rules and are the best of both worlds. I recommend animal colour clothing as an easy way to visualise a passphrase. Red lion shoes. Add punctuation and a number and you’ll suit the strongest rules but still be able to remember it.
3-Red-Lion-Shoes
Poor lion has lost one of his red shoes… easy image to recall
Length.
If passwords were minimum… 25 characters with all the usual complexity rules and ALSO 5t0pp3d th3 r3gu!4r number/letter/common special character substitutions (because they’re common enough to be coded into whatever’s trying to guess passwords), they’d be harder still but hard for humans to remember too.
For each character added, there’s a squaring of the number of checks needed.
E.g. assuming the “normal” UK keyboard has about 104 alphanumeric symbols and characters and all are allowed…
0ne – 104x104x104 = 1,124,864 possible passwords.
0ne! – 104x104x104x104 = 116,985,856.
0ne1! = 1.2166529^10 it starts getting hard to write the number but this is all still “easy” for a computer.
Correcthorsebatterystaple = 2.66583633^50. The computer still has to try every character combination possible so length, even for a simple password, gets INCREDIBLY hard, very quickly.
Okay, let’s take the same number of characters. 16.
YourPasswordHere
re81a3CtR/1/1ha1
1 of those you are going to remember. The other, there is absolutely no chance; you’re going to have to write it down at the very least. They are going to take virtually the exact same amount of time for a brute force password cracker to solve, because it’s just trying random characters in random combinations, basically. In the end, what little bit of extra security the randomness supplies is more than offset by the added difficulty for you to remember it.
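An added example, not written by any poster in this thread: a rough strength estimator that scores the three 16-character passwords quoted above under two guessing models, per-character brute force and a dictionary-aware model that may also guess whole words. The 104-symbol charset is the thread's figure; the 10,000-word list size, the one extra bit for capitalisation and the ten sample words are assumptions made for illustration.

```python
import math

CHARSET = 104           # keyboard symbol count quoted in the thread
WORDLIST_SIZE = 10_000  # assumption: size of a common-word guessing list
CHAR_BITS = math.log2(CHARSET)
WORD_BITS = math.log2(WORDLIST_SIZE) + 1  # assumption: +1 bit for "capitalised or not"

# Constructed stand-in for the word list; a real estimator would load thousands.
SAMPLE_WORDS = {"your", "password", "here", "red", "lion", "shoes",
                "correct", "horse", "battery", "staple"}

def brute_force_bits(password):
    """Search space in bits when every character is guessed independently."""
    return len(password) * CHAR_BITS

def dictionary_aware_bits(password, words=SAMPLE_WORDS):
    """Cheapest way to build the password from list words and single characters."""
    pw = password.lower()
    best = [0.0] + [math.inf] * len(pw)   # best[i] = fewest bits to produce pw[:i]
    for end in range(1, len(pw) + 1):
        best[end] = best[end - 1] + CHAR_BITS          # last char guessed blindly
        for start in range(end):
            if pw[start:end] in words:                 # or a whole word ends here
                best[end] = min(best[end], best[start] + WORD_BITS)
    return best[-1]

def compare(passwords):
    """Return {password: (brute_force_bits, dictionary_aware_bits)}, rounded."""
    return {p: (round(brute_force_bits(p), 1), round(dictionary_aware_bits(p), 1))
            for p in passwords}

if __name__ == "__main__":
    # All three are 16 characters and appear in the thread above.
    for pw, (bf, da) in compare(["YourPasswordHere", "re81a3CtR/1/1ha1",
                                 "3-Red-Lion-Shoes"]).items():
        print(f"{pw:18} brute-force {bf:6.1f} bits   dictionary-aware {da:6.1f} bits")
```

Under these assumptions all three score the same against pure brute force, while the dictionary-aware score separates them: the random string keeps its full search space, the digit-and-punctuation passphrase keeps part of it, and the plain three-word string keeps the least.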