The Secret to a Great Password

Many security experts say that the best password is one that is hard to remember. Something like “NJ*&%^))sdao!” would be considered a great password by most people. However, security expert Thomas Baekdal argues that these random passwords, while secure, are not as secure as a more memorable and simple phrase. In other words, “I love my dog” is a more secure password than “&^GtmmI8:!*#a”, even though the number of characters is the same. Here is the reason:

Baekdal’s premise is that the three most common methods of cracking are really only useful if a password can be cracked in a usable amount of time. If a password can be cracked in a few minutes (like the word “password”), you have failed to secure whatever it is you are trying to secure.

The 3 kinds of password cracking methods commonly used are:

  • Brute-force attacks
  • Common word attacks
  • Dictionary attacks

Using these methods, if a password can be cracked in about a month, that’s still a long time, but not entirely secure. A year is a good starting mark for a really secure password, but the best passwords take a lifetime to crack. Baekdal states that a gibberish password, like T56$11#, will take over 200 years to crack using a brute-force attack (the fastest method). That’s secure for your lifetime, but it’s not very easy to remember. On the other hand, a phrase like “Good day sunshine” would take over 2500 years to crack using a brute-force attack. It’s not only more secure, but also easier to remember.

The main trick here is the spaces, which are special characters (you could use – or ! instead of spaces, if you wanted to). Uncommon words also increase the complexity, so if you want your password to outlive the human race you could use something like “Bibidity Bopity Boo”.
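To see how such estimates are put together, here is an added example (not from Baekdal or the original article) that computes the worst-case time for a character-by-character brute-force attack and for a whole-word attack, then reports whichever is weaker. The guess rate, word list size and sample word list are assumptions, so the output will not match the figures quoted above.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumptions for illustration only (not taken from the article):
GUESSES_PER_SECOND = 1000   # assumed attacker guess rate
WORDLIST_SIZE = 20_000      # assumed size of the attacker's word list
# Constructed stand-in for that word list; only these words count as "common".
SAMPLE_WORDS = {"i", "love", "my", "dog", "good", "day", "sunshine", "password"}

# Character pools an attacker must cover: (membership test, pool size).
POOLS = [
    (str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
    (lambda c: c == " " or c in string.punctuation, 33),  # 32 symbols + space
]

def alphabet_size(password):
    """Size of the smallest combination of pools that covers the password."""
    return sum(size for test, size in POOLS if any(test(c) for c in password))

def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Worst case: try every string of this length over the covering pools."""
    return alphabet_size(password) ** len(password) / rate / SECONDS_PER_YEAR

def word_attack_years(password, rate=GUESSES_PER_SECOND):
    """Worst case when guessing whole words; None if any word is not listed.
    Simplification: case variants and other separators are not counted."""
    words = password.lower().split()
    if not words or any(w not in SAMPLE_WORDS for w in words):
        return None
    return WORDLIST_SIZE ** len(words) / rate / SECONDS_PER_YEAR

def weakest_attack(password):
    """A password is only as strong as the cheapest attack against it."""
    brute = brute_force_years(password)
    worded = word_attack_years(password)
    if worded is not None and worded < brute:
        return ("word list", worded)
    return ("brute force", brute)

if __name__ == "__main__":
    for pw in ["password", "T56$11#", "Good day sunshine", "Bibidity Bopity Boo"]:
        attack, years = weakest_attack(pw)
        print(f"{pw!r:24} weakest against {attack}: {years:.3g} years")
```

Under these assumptions, a phrase built from common words is limited by the number of words and the size of the word list rather than by its character count, which is why uncommon words and extra words matter.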

It might be a good time to review not only the complexity of your passwords but also your overall company policy around the usage of passwords and where they are stored, given that password cracking is not one of the most common issues with cyber security.

Thomas Caldwell, Senior Support Lead, Adaptive Technology Group, LLC