Why is 3 random words as a password better than a load of random characters?

1.71K views

75 Answers

Anonymous 0 Comments

There are 26 letters in the alphabet; you can combine 10 of them in ~140 trillion different ways. There are ~170,000 English words currently in use; you can combine 3 of them in ~5 quadrillion different ways.

Remembering 3 words is a lot *easier* than remembering 10 letters, while also being a lot more *secure*.
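A worked version of the arithmetic in the answer above, added here as an example that is not part of the original post. It generalises the comparison to any alphabet size, word-list size and length, converts the search space to bits of entropy, and estimates expected cracking time at an assumed guess rate. The 26-letter alphabet and the 170,000-word list are the answer's figures; the guess rate of 10^10 per second is an assumption made only for illustration.

```python
import math

# Figures from the answer above.
ALPHABET_SIZE = 26        # lowercase letters only
WORDLIST_SIZE = 170_000   # English words in current use
# Assumed offline guess rate (constructed for illustration, not from the page).
GUESSES_PER_SECOND = 1e10


def search_space(symbols: int, length: int) -> int:
    """Number of equally likely secrets when each of `length` positions is
    drawn uniformly from `symbols` choices. The attacker is assumed to know
    the scheme (the alphabet or the word list); only the choice is secret."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy in bits of a uniform choice from that space: length * log2(symbols)."""
    return length * math.log2(symbols)


def expected_crack_seconds(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to guess the secret when searching the whole space:
    on average half of the candidates are tried before the right one."""
    return space / 2 / rate


def equivalent_letters(words: int) -> float:
    """How many random lowercase letters carry the same entropy as `words` random words."""
    return words * math.log2(WORDLIST_SIZE) / math.log2(ALPHABET_SIZE)


def compare(letters: int, words: int) -> dict:
    """Compare `letters` random lowercase letters against `words` random words."""
    l_space = search_space(ALPHABET_SIZE, letters)
    w_space = search_space(WORDLIST_SIZE, words)
    return {
        "letters": {"space": l_space, "bits": entropy_bits(ALPHABET_SIZE, letters),
                    "seconds": expected_crack_seconds(l_space)},
        "words": {"space": w_space, "bits": entropy_bits(WORDLIST_SIZE, words),
                  "seconds": expected_crack_seconds(w_space)},
    }


if __name__ == "__main__":
    for name, r in compare(10, 3).items():
        print(f"{name:8s} {r['space']:>20,d} combos  {r['bits']:5.1f} bits  "
              f"~{r['seconds'] / 86400:,.0f} days at {GUESSES_PER_SECOND:.0e} guesses/s")
    print(f"3 random words ~= {equivalent_letters(3):.1f} random lowercase letters")
```

Each extra letter multiplies the search space by 26; each extra word multiplies it by 170,000, which is why the word count matters far more than the character count of the resulting passphrase.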

Anonymous 0 Comments

I think the one thing that people aren't mentioning, which helps explain why this is a better method, is that when a password gets turned into a hash, at least with modern hashes, that hash is always the same length no matter what the password is. So if I have the password dog and I have the password supercalifragilisticexpialidocious, those hashes will be the same length. Changing just one letter of the password (say to dod) completely changes the hash as well. This means that the hacker can't tell from looking at the hash how long the password is or if 2 passwords have similar characters. So say they have cracked the password hunter2; they can't tell just by looking at it that yours is hunter3, as the hash will be completely different. The only time they would be able to tell is if you had the exact same password as someone else. This means that hackers have to try every character combination, as they can't just tell what strategy you have used, and so having a longer password, even if they are all characters, means that there are more guesses that would have to be done. Now this does go down a bit if they start doing dictionary attacks, but it is still a very large number.
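The two properties this answer relies on, a fixed digest length and a one-character change producing an unrelated digest, can be checked directly. The following is an added example, not part of the original post; it uses SHA-256 from Python's standard library purely to illustrate those properties, whereas stored password hashes should use a salted, deliberately slow function, which has the same length and avalanche behaviour.

```python
import hashlib


def sha256_hex(password: str) -> str:
    """Hex digest of SHA-256 over the UTF-8 bytes of the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def digest_bits(password: str) -> int:
    """Digest size in bits; SHA-256 always yields 256 regardless of input length."""
    return len(sha256_hex(password)) * 4


def differing_bits(a: str, b: str) -> int:
    """Hamming distance between the digests of two passwords. For unrelated
    inputs about half of the 256 bits differ, so the digest leaks nothing
    about how similar the underlying passwords are (the avalanche effect)."""
    x = int(sha256_hex(a), 16) ^ int(sha256_hex(b), 16)
    return bin(x).count("1")


if __name__ == "__main__":
    # Sample passwords taken from the answer above.
    for pw in ("dog", "supercalifragilisticexpialidocious"):
        print(f"{pw!r:40} -> {digest_bits(pw)} bits: {sha256_hex(pw)}")
    print("hunter2 vs hunter3 digests differ in",
          differing_bits("hunter2", "hunter3"), "of 256 bits")
```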

Anonymous 0 Comments

There are pros and cons to using both methods, assuming they're equal in length.

Random words

- Easier to crack

- Easier to remember (you won't have to write it down anywhere)

- Slightly more prone to a social engineering attack, more prone to being cracked

Random characters

- Harder to crack

- Must be written down somewhere

- More prone to the password being compromised by finding the location the password is stored, e.g. seen on a sticky note, seen in a .txt file.

These are the main differences I can think of right now; there are probably more, however. A company might tell you a 3-word password is better because they are more worried about it being compromised by someone finding where a password is stored than about it being cracked.

Anonymous 0 Comments

It’s easier for you to remember but it’s really long. Adding more characters to a password exponentially increases the potential combinations that a brute force attack would have to go through. If you search “how long to brute force password” you will see that adding just a few more characters to a password can add years and years to the time it would take to break in like that. Having a password you can memorize is also more secure because anyone who has access to your computer also has your password if it’s written down there.