Why is 3 random words as a password better than a load of random characters?


75 Answers

Anonymous 0 Comments

A password serves its purpose best when it is easy for you to remember and difficult for a computer to guess.

Some would say that using numbers and special characters in your password makes it harder for a computer to guess it. They are wrong! The computer guessing would have no way to know in advance that you didn’t use any numbers or special characters. Therefore, it will still guess them. So, it doesn’t matter at all which characters you use.

Length does matter. This is because a computer would try all the shortest passwords first, and work its way towards longer passwords over time. Let’s say a computer can guess 100,000 passwords a second, and that you can use 26 upper and 26 lower case letters, 10 digits, and 20 special characters to make the password. It can guess all the 3 character passwords in about 5 and a half seconds. It can guess the 4 character passwords in 7 and a half minutes. But 5 characters? It’ll take over 10 hours. Adding more length makes it far more difficult for your password to be guessed.

So the question is how do you make a long password that you can also remember well? Because that’s what makes a password good, being long and memorable such that you can use it but it can’t be guessed easily by a computer. One great way to do that is by creating a phrase or sentence that you’ll remember, such as AllBlackCatsGoToHeaven. However, even this method isn’t the best I’ve found. It’s great if you only want to remember a few passwords, but if you have passwords for many different things as we do nowadays, how do you remember which password goes to what?

And this is why I use something called a Password Formula for my passwords. The goal is to make my passwords long, memorable, AND different from each other. Different because you want your bank account to stay safe even when someone might steal your Facebook password. Here’s how a password Formula works: Start with a base password that has a variable section(s) in it. For example, All[var]CatsGoToHeaven. Now, come up with a rule, based on the service you are making a password for, to fill in the variable section(s). For example, take the first two letters and the last two letters of the service name. So I would take Faok from Facebook and fill that in to make AllFaokCatsGoToHeaven. Yet, for Reddit it would be AllReitCatsGoToHeaven. Now all my passwords are long, memorable, and different from each other. This is the best way.
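The arithmetic in the answer above, as an added example that is not part of the original post: it reproduces the 82-symbol, 100,000-guesses-per-second figures and goes one step further by counting a passphrase per word, the way a guesser who knows the scheme would. The 7,776-word list size (a Diceware-style list) and the small `SAMPLE_WORDS` list are assumptions made for illustration.

```python
import math
import secrets

GUESSES_PER_SECOND = 100_000      # guess rate used in the answer above
ALPHABET = 26 + 26 + 10 + 20      # 82 symbols, as counted in the answer above
WORDLIST_SIZE = 7776              # assumption: size of a Diceware-style list
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dragon",   # constructed sample;
                "ember", "forest", "glacier", "harbor"]   # real lists are far larger

def keyspace(choices: int, picks: int) -> int:
    """Candidates when each of `picks` units is drawn uniformly from `choices`."""
    return choices ** picks

def seconds_to_exhaust(choices: int, picks: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate of exactly this size."""
    return keyspace(choices, picks) / rate

def entropy_bits(choices: int, picks: int) -> float:
    """log2 of the keyspace; valid only for uniformly random picks."""
    return picks * math.log2(choices)

def random_passphrase(words: list[str], n_words: int) -> str:
    """Pick words with a CSPRNG; a phrase a person makes up is not uniform."""
    return "-".join(secrets.choice(words) for _ in range(n_words))

def chars_matching_words(list_size: int, n_words: int,
                         symbols: int = ALPHABET) -> int:
    """Shortest random-character length whose keyspace is at least that of
    `n_words` words drawn from a list of `list_size` words."""
    target, length = keyspace(list_size, n_words), 1
    while keyspace(symbols, length) < target:
        length += 1
    return length

if __name__ == "__main__":
    for n in (3, 4, 5):
        print(f"{n} random characters: {seconds_to_exhaust(ALPHABET, n):,.1f} s")
    for n in (3, 4, 6):
        print(f"{n} random words: {entropy_bits(WORDLIST_SIZE, n):.1f} bits, "
              f"matched by {chars_matching_words(WORDLIST_SIZE, n)} random characters")
    print("example:", random_passphrase(SAMPLE_WORDS, 4))
```

The entropy figures hold only when the words or characters are picked uniformly at random, which is why the generator uses `secrets` rather than a phrase chosen by hand.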

Anonymous 0 Comments

Okay, let’s take the same number of characters: 16.

YourPasswordHere

re81a3CtR/1/1ha1

1 of those you are going to remember. The other, there is absolutely no chance; you’re going to have to write it down at the very least. They are going to take virtually the exact same amount of time for a brute force password cracker to solve, because it’s just trying random characters in random combinations, basically. In the end, what little bit of extra security the randomness supplies is more than offset by the added difficulty for you to remember it.

Anonymous 0 Comments

Thanks for all the feedback! All very helpful! 🙂

Anonymous 0 Comments

To prevent a computer from guessing your password, longer is better. Numbers and symbols are just “extra letters” and are not that hard for a computer to guess.

Numbers, symbols, and substitutions certainly do make it harder for people to guess.

A truly strong password would be both random and long, but that’s super hard for an actual person to use for their actual password (I can’t use a password manager at work), but long plaintext passwords are a good middle ground: easier to remember/use but long enough that they’re cryptographically secure.
