SECURE PASSWORDS DON’T HAVE TO BE DIFFICULT

Before you start creating a password, let’s talk about elements of a good and bad password.

A good password has:

  • 12+ characters
  • Upper and lowercase letters
  • A symbol
  • A number

A bad password has:

  • Fewer than 12 characters
  • No variation in case (all lower or upper)
  • Personal information (name, phone number, address)
  • Part of your email/username
  • No symbols or numbers

Rather than assuming that list is perfectly accurate, let’s talk about why those are the recommendations when thinking about your password.

Password length is incredibly important when creating a secure password. Each character adds exponentially more time to a brute force attack. For example:

  • A 10-character password takes about 2 hours
  • An 11-character password takes 6 days
  • A 12-character password takes 1 year
  • A 13-character password takes 64 years

If you add a special character, that increases the time even more. That 10-character password now takes one week instead of two hours. So the more characters you add, the harder it is for a computer to brute force the password.

If you keep your password all lowercase, this decreases the variability and makes it easier to guess, because mixing in uppercase gives each letter an additional 26 options. This is why most websites require mixed case.

The reason why you should not use personal information such as a phone number, name, address, or part of your email is that it is publicly accessible. It is very common for people to use it because it is easy to remember. Everyone remembers their phone number, right? However, people breaking into accounts don’t just start with brute force methods; they try to guess using information that is out there.
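The good and bad password lists above can be applied as an automated check. The following Python is an added example, not code from the original article; the function names, the 4-character minimum for matching fragments, and the sample name, email and phone number are assumptions made here.

```python
import re

MIN_LENGTH = 12  # the article's "12+ characters" rule
MIN_FRAGMENT = 4  # assumption: ignore shorter fragments to limit false hits


def email_fragments(email):
    """Lowercase pieces of the email's local part (before the @)."""
    local = email.split("@", 1)[0].lower()
    pieces = [p for p in re.split(r"[^a-z0-9]+", local) if len(p) >= MIN_FRAGMENT]
    if len(local) >= MIN_FRAGMENT:
        pieces.append(local)
    return pieces


def contains_personal(password, item):
    """True if a name, address or phone number appears in the password."""
    text = re.sub(r"\s+", "", item.lower())
    digits = re.sub(r"\D", "", item)
    if len(text) >= MIN_FRAGMENT and text in password.lower():
        return True
    # Compare digits only, so "555-0142" is also caught when typed as "5550142".
    return len(digits) >= MIN_FRAGMENT and digits in re.sub(r"\D", "", password)


def check_password(password, email="", personal_info=()):
    """Return the article's 'bad password' traits found in the password."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("fewer than 12 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no variation in case")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if all(c.isalnum() for c in password):
        problems.append("no symbol")
    if any(contains_personal(password, item) for item in personal_info):
        problems.append("contains personal information")
    if any(p in password.lower() for p in email_fragments(email)):
        problems.append("contains part of email/username")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the name, email and phone number are made up.
    for pw in ("PurpleRhino19!", "purplerhino", "JaneDoe2024!!x"):
        print(pw, check_password(pw, "jane.doe@example.com", ["Jane Doe", "555-0142"]))
```

An empty list means the password shows none of the bad traits from the list; it does not check whether the password has already been published or reused.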

So now you know what makes a good and bad password, and why. How can you make something that is both strong, hard to crack and guess, but easy to remember? I don’t know about you, but though SatC1!!Jlvm5 is a good password, there is no way I would remember it. Then, if you use good password etiquette and only use each password once, you are just setting yourself up for failure. So here are the tips we give for creating a good password you can remember.

  1. String 2-3 words together. These should be unrelated, like Purple and Rhino, or something to that effect.
  2. Make the first letter of each word capital.
  3. Add a number and symbol in the middle or at the end.

Let’s take our example above. A great password (please don’t use this now since it is on the internet) is PurpleRhino19! That password is 14 characters long with a special character. This is impossible to brute force (in your lifetime) and would be hard to guess. However, you can remember it very easily. Again, don’t use this password yourself: now that it is on the internet, it is searchable, and it is no longer a good password. However, this should give you a great example of how to make your own strong password that is easy to remember.