Your Really Long Password is Your Friend

By: 
Bryan Meadan

I know that people have been writing about passwords, password management, password memory techniques, and password encryption forever, but I'm not done.

Long passwords are your friend

Let me start with a few facts:
1) Our memories are limited.
2) Passwords are hard to remember.
3) Long passwords drive most people nuts.
4) Hackers want your password.

It seems the more people are connected to each other electronically, the longer passwords seem to get. Today it is estimated that a 8 digit password of numbers and letters without caps would take 29.02 seconds to crack assuming one hundred billion guesses per second (very possible today). Change one letter to a capital and it reaches 36 minutes -- better, but not there yet. The more complex the password, the longer it takes to type (and we type a lot of passwords), and the harder it is to remember. Add to that the fact that you should not use the same password over multiple sites, and you're mind will melt.

So here are some quick tips.

Use sentences or personal catch phrases: Capitalize at least one word and add a number or two at the end. Sentences are easy to remember. Taking that same 8 character password and adding 6 more characters, even without caps makes the crack time jump to 2,000 years. Capitalize a letter, 4,000,000 years. So how do you remember a 14 character password? Since at that length it really doesn't matter if there are actual words inside, just pick a catch phrase: "Mydogiscool212" or "Havesomehoney1." Not too hard right?

Use multiple passwords: So how do you avoid using the same password on each site while remembering the 1500 passwords you have? With the same catch phrase, just one letter change can solve that problem -- but I'd change two. Just take two letters from the site name and stick it somewhere in your password. So if you were to log into Facebook: "Myfadogiscool2" and Twitter: "Mytwdogiscool2." So even if your password is discovered on one site, it can't be used on another (most passwords are encrypted, so the actual characters aren't usually seen by hackers).

Long passwords are your friend: You can and should make your password sentence as long as possible. Today, most sites won't limit you to 14 characters, but some do. If you encounter a site that limits to less than that, firstly, find their contact page and let them know they're endangering the Internet. Then I always have an alternative simple password with caps, numbers and symbols for those sites.

Make it type-able : Another issue we need to take into account when coming up with the safe password is mobile devices. Typing in mobile devices is significantly more difficult than on a keyboard (except for teenagers for some reason). That's why I only capitalize the first letter -- makes it just a bit easier on a mobile device and has the same security value.

And now a test. Which is a safer password?
a) B.....2.....b.....
b) rw#F5g2sv

That's right, a) is far better, and really not hard to remember.

About the Author

Bryan Meadan Sociologist of the Internet

Bryan Meadan invented the Internet. Just kidding. But as a Sociologist and Web Developer he has been using sociology as a tool to create better sites since 1996. He builds exclusively with the Drupal Content Management Platform, and lectures and consults for businesses and non-profits around the globe.