What’s a good password?
Day 325 / 365
It’s infuriating trying to set a good password on some websites these days. You want it to be hard to crack; gone are the days when people just used ‘123456’ as their Orkut passwords. You couldn’t use that today even if you wanted to. Websites today force people to choose ‘secure’ passwords by enforcing random rules. You must use a lowercase letter, an uppercase letter, a number, a special character, and must not use any part of your name. The list goes on.
But do these rules actually help you in choosing a more secure password?
Part of the reason we have these rules today is a research paper that a guy called Bill Burr wrote back in 2003. It was an 8-page guide about how to create secure passwords. The same guy, now a retired 72-year-old, admits that his guide was basically useless, and feels sorry about how this has become an annoyance to Internet users.
Why don’t these rules work?
There are two aspects of making a good password:
- They should be easy to remember
- They should be hard to guess
Using obscure special characters in your password is intended to make it hard to guess. But at the same time, it makes the password hard to remember as well. Did you use an o or a zero, a ‘3’ or an e, which word was capitalized?
And how hard is it to guess a password? Hackers obviously don’t do it manually. They write computer programs that do it for them, checking each and every combination of characters to see which one works. If you had a password around 12 characters long, a computer program could guess it in about a few days.
How can you make your password better?
The obvious way to make your password more secure is to make it longer. But a password like Raj@!#3aT was already hard to remember; how could you possibly make it any longer without losing your will to live?
A good approach that many suggest is to use a sentence as your password. Something like “ihaveablueguitar” or, if you are feeling more crazy, “IHaveABlueGuitar”. It is long, so it is tough to guess, yet it is still easy to remember.
Unfortunately, until the web does away with the ridiculous password requirements, you won’t be able to use such passwords any time soon.
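To put numbers on the length-versus-complexity argument, the following added example (not from the original post) estimates how many candidates an exhaustive character-by-character search has to cover for the three passwords mentioned above, and checks each one against a typical composition rule set. The exact rule set, the 10,000-word list size and all function names are assumptions made for illustration.

```python
import math
import string

# Character classes an exhaustive search has to cover (ASCII only; an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def passes_composition_rules(password, min_length=8):
    """Typical 'one of each class' website rule (assumed form of the rules)."""
    return len(password) >= min_length and len(classes_used(password)) == 4

def brute_force_bits(password):
    """log2 of the candidates in a search over the classes used, at this length."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def word_guess_bits(word_count, wordlist_size):
    """log2 of the candidates when whole words are combined instead of characters."""
    return word_count * math.log2(wordlist_size)

def report(passwords):
    """(password, length, passes rules?, brute-force bits) for each input."""
    return [(pw, len(pw), passes_composition_rules(pw), round(brute_force_bits(pw), 1))
            for pw in passwords]

if __name__ == "__main__":
    # The three example passwords from the post.
    for pw, length, ok, bits in report(["Raj@!#3aT", "ihaveablueguitar", "IHaveABlueGuitar"]):
        print(f"{pw:18} len={length:2} rules={'pass' if ok else 'FAIL'} bits={bits}")
    # "i have a blue guitar" is 5 words; the 10,000-word list size is an assumption.
    print("5 words from 10,000:", round(word_guess_bits(5, 10_000), 1), "bits")
```

The last figure is the caveat: a guesser that combines whole words instead of single characters faces fewer candidates than the character count suggests, so a passphrase holds up best when its words are picked at random rather than forming a natural sentence.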
This post is part of my 365 Day Project for 2019.