Why should I use a random passphrase?

People are really not that great at creating secure passwords. The famous xkcd cartoon explained it well. Humans have been trained to use hard to remember passwords that are easy for computers to guess. It’s not easy to create a strong memorable password. Most people can make their passwords strong or memorable, but usually not both.

Advertisement
Search and Buy Domains from Namecheap - Lowest Prices!

People usually end up using one of a limited and predictable set of patterns when creating passwords. They base them on things they can remember. Such as names, locations and dates or even common English words. Sometimes they’ll add some security with an uppercase letter, some numbers, or a symbol.

Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.

Password Strength cartoon on xkcd.com

Does your password fall into this group?

Bad Password PatternsWill a user remember it?Time To Guess
A common word. (example: password, computer, happy)Yes.10 milliseconds
An easily-typed keyboard pattern. (example: qwerty, abc123, 1qaz, or aaaabbbb)Yes.22 milliseconds
The family dog. (example: fluffy, bowser, sparky)Yes.27 milliseconds
An important number, such as a date or zip code. (example: 90210, 09112001)It’s memorable to you, certainly.3.5 seconds
A word with trivial letter-to-number substitution. (example: c4t, d0g, fr3sh)Somewhat memorable, however you could forget which letters are substituted for numbers.6.3 seconds

Given these points, if your password follows any of the listed patterns consider your password to be insanely crackable. Even if you chose a mix of these patterns, such as common word + number, in the long run it would be trivial for cyber criminals to crack.

Compare to passphrases:

Password PatternIs It Memorable?Time To Crack
Four or more randomly selected words (example: wiggly tudor hammer wrestler)Enter this several times and you’ll have it committed to memory.7.6 centuries. 
Advertisement

Help us on our quest to make passwords more secure!




Your contribution to our cause is highly appreciated!
Donate Now!

Is it really so simple to crack passwords? How do they do it, exactly?

The way hackers go about cracking looks something like this:

  1. First, the hackers start with common wordlists. There are websites that offer compiled lists of frequently used passwords, for example. Other sources are dictionary files containing every word in a particular language. There are also lists of all Medical words, or all Programming terms, all names, dates. In other words, in under one second 30% of all passwords will be cracked.
  2. Once the hackers have exhausted those wordlists, they will try all of the words again using common substitutions: capitalizing the first letter (manual → Manual), common letter-for-number replacements (buccaneers → buc4n33rs), as well as many other common password tricks people use.
  3. Next, the hackers combine the previous wordlists using many different character and numbers seeded into each final password. Name + date (sara122521). Name + [separator] + date (sally-092121).
  4. When none of these methods work, hackers fall back to generating every possible combination of characters. This means a to aaaaaaaaaaaaa, and a1 to a99999999999, b9999999 and so on. This is why having more characters, numbers and letters in your password is useful.

If a password is based on any combination of the above steps, it can eventually be cracked. Depending on how well-protected a website secures your password, modern computers can try anywhere between 10,000 and 350 billion guesses per second.

Keeping yourself secure requires using a random passphrase instead of a password.
Your passphrase can protect you from cyber crime. Selecciona el vínculo Restablecer contraseña en la pantalla de inicio de sesión

Your best security is using a truly random password generator like the one at Safestpasswords.com.

Normal passwords are easily defeated. Why should I make a random passphrase instead of, rGz3$!baz5kd0h?

There are all kinds of password generators on the internet that combine a bunch of random characters to create a strong password. These random passwords are definitely secure, but they are also extremely difficult to remember. Therefore people end up writing them down. Or they constantly need to use the forgot password or password reset feature of the site. As a result, these practices only make the password less secure.

Random passphrases provide the best combination of security and memorable passwords.

Compare two 15-character passwords:

PasswordTime to crack
Fe+4NTs1&A38ih453 million years
OasisPapaLegBot8.9 centuries
Which will you remember? Plan on being around in 9 centuries?

Let’s put it another way, the formula for the perfect password management strategy is really easy.

1. Use a password manager.

Firefox, Chrome, Safari and Internet Explorer have built in password managers. But if you want to use your passwords across devices you should probably use one of these:

  • 1 Password (Windows, Mac, iOS, Android)
  • LastPass (iOS, Android; Chrome plugin works on Windows, Mac, Linux)
  • KeePass (Linux, Windows, Mac, Android)

2. Use a strong master password for your password manager.

This is why a passphrase would be especially useful. In the long run you’ll have better security and peace of mind.

3. Use a new passphrase for every site or account.

sage cost decor unify steam
xerox drama tree plus stem
baked cycle wound clasp tusk
unyielding dug nefarious

If you are really paranoid, however, you can use something called diceware. Diceware is a completely offline, completely analog method of creating passphrases. It involves six dice, and a printed wordlist. The author also recommends that you close your blinds while creating new passwords using it if you truly care about password security.

Advertisement

Help us on our quest to make passwords more secure!




Your contribution to our cause is highly appreciated!
Donate Now!

This article was printed from the Password Clinic website on .
Please visit https://passwordclinic.com for the latest version.
QR Code link to https://passwordclinic.com/creating-the-safest-password/why-should-i-use-a-random-passphrase/%3Futm_source%3Dprint-qr-code%26utm_medium%3Dprint%26utm_campaign%3Dbrand-awareness%26utm_content%3Dnull%26utm_term%3Dnull