The Art and Science of Passwords - Redux

Here's the right way to create a great password that is effective yet easy to remember.


We've long been taught to include three elements for a strong password:

1) Length

2) Randomness

3) Complexity

So, as an example, we’ve been creating passwords that look something like this:

Str@wberry1!

This example is 12 characters long. Not bad. It's random because it doesn’t include anything predictable, like a child's or pet's name. And the password is complex because it mixes upper- and lower-case letters with a number and a symbol.

Unfortunately, while passwords constructed this way are easy to create, they are not easy to remember. More importantly, they're also easy to crack very quickly using hacking software that anyone can find on the Internet. For free.

There must be a better way!

Well, there is, and it starts with math.

The Smart Approach to Creating Passwords

The mathematical driver of a password that is difficult or impossible to crack is length, not complexity of characters. Randomness is still important because hackers feed password-cracking software with personal information to increase their odds of success. So, we can deduce that the most effective passwords are long and random.

To be safe today, your passwords should be at least 14 characters long. But we must also be able to remember our long, random password. Here is how:

Choose an arbitrary phrase made of multiple random words that create an image in your mind that you can draw on from memory. The words in your random phrase should include a total of at least 14 characters. More is better. Each character you add multiplies the number of possible combinations, so you are leveraging the laws of very large numbers.

Now our example password using only length and randomness (without hard-to-remember complexity like in the first example) might look something like this:

cowboysmilingpalmmoon

The image of a cowboy smiling while leaning on a palm tree planted on the moon is easy to remember. And the password is 21 letters long! The number of possible combinations of 21 random letters is far greater than that of 14 complex characters. Even sophisticated hacking software that processes 1,000 guesses per second would take hundreds of years to crack a password of this length.
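The arithmetic behind that comparison, as an added example that is not part of the original article: it measures the search space per character and per whole word, and builds a phrase by the method above with a cryptographic random source. The word list is a constructed sample, and the 7,776-word list size (the Diceware list) and 95-symbol keyboard alphabet are assumptions the article does not state.

```python
import math
import secrets

# Constructed sample list for illustration; a real list needs thousands of
# words so that each random pick carries enough uncertainty.
WORDS = ["cowboy", "smiling", "palm", "moon", "river", "copper", "violin",
         "anchor", "meadow", "lantern", "pepper", "glacier", "saddle",
         "orbit", "walnut", "harbor"]

def keyspace_bits(length, alphabet_size):
    """Search space in bits when every character is picked independently."""
    return length * math.log2(alphabet_size)

def phrase_bits(word_count, list_size):
    """Search space in bits when an attacker guesses whole words from a list."""
    return word_count * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def make_passphrase(words=WORDS, min_chars=14, min_words=4):
    """Pick words with a CSPRNG until both minimums are met."""
    chosen = []
    while len(chosen) < min_words or sum(map(len, chosen)) < min_chars:
        chosen.append(secrets.choice(words))
    return "".join(chosen)

def report(rate=1000):
    """Compare the article's cases; rate is guesses per second."""
    cases = {
        "14 chars, 95 symbols": keyspace_bits(14, 95),
        "21 chars, 26 letters": keyspace_bits(21, 26),
        "4 words, 7776-word list": phrase_bits(4, 7776),  # assumed list size
    }
    return {name: (round(bits, 1), years_to_exhaust(bits, rate))
            for name, bits in cases.items()}

if __name__ == "__main__":
    for name, (bits, years) in report().items():
        print(f"{name:26s} {bits:6.1f} bits  {years:.3g} years at 1,000/s")
    print("sample phrase:", make_passphrase())
```

The per-letter figure applies only when each letter is chosen independently; for a phrase built from dictionary words, the per-word figure is the one to rely on, so add words or use a larger list to raise it.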

Master Passwords and Password Managers

Even with this approach, though, we humans just can't remember that many passwords, regardless of length or lack of complexity. That's why we recommend a password manager.

With a password manager you can use the "Art and Science" approach to safe passwords to create a single master password for entry to your password vault.  From there, everything becomes automated, synced, and backed up.  Password nirvana!  In fact, we recommended using a password manager as the best idea to start 2017.  You can read more about it here:

Read More