Passwords today are even more important in the modern interconnected world. We are, normally, limited to a set number of characters. It must contain punctuation and/or a number. This forces you to come up with gibberish that can be hard to remember but, sometimes, easy to break using a computer.
I read,many years ago, a piece about the new encryption program PGP. It was causing some problems with law enforcement due to the secure nature of the underlying algorithm.
A comparison piece talked about good passwords. It said, something like, make them “easy to remember”, abusive and/or racist, and possibly misspelt.
I must point out the examples below do not indicate any political/ideological standpoint but just show the above ideas.
KillA11DaK00nz
BiteDaBullez@Dye
They can look like some early 90s gangsta rap song titles, so dig out your old N.W.A. albums for inspiration 🙂
Back to what I was saying. It was all down to a, quite old by now, XKCD post about passwords that got me thinking about writing this post.
The idea, as you can see, is all down to how complex a password can become by just using words. Four, reasonably, long words chained together to make something that is easy to remember and, strangely, quite difficult to crack using a computer.
What? I hear you say. Just normal words… How can that be more secure that dkAM£&79qM?
Its quite simple. Normal password cracking programme use what is called a dictionary attack. It just goes through a huge list of words in the hope that one matches. The other way is to use a brute-force approach. Starting with the password ‘a’ and then continuing until you get a match.
Both these methods are getting quicker and quicker as Moore’s law implies. However the XKCD approach of using a story for a password just adds levels of complexity, more characters, into the mix.
So, making a story is easier for a human to remember but more complex for a computer to break. Every character, even if they are just a letter, adds another 52 possible combinations to try. Length does add to complexity in the same was as using non alphabetical characters do in the more classical way to generate passwords.
LittleVampiresEatingCheese may not seem to be a good password but think about it.
How many letters are there? Remember each position there is 51 wrong answers. In other words there are 26 characters, each with a possible 52 different combinations giving us 3.79×10^73 possible combinations to check.
Its easy to remember and therefore recallable. So think of a story. you can change and to & and not to ! to make sure it keeps with any password policies that are there. If you need numbers than use aircraft in your password, such as, NearMissBetweenSR71&U2.
So, in conclusion – Keep your passwords long and make them tell a story so they can be remembered.