Traditional passwords are terrible. They are hard to remember, hard to type, and at the end of the day, not at all secure.
The better solution is passphrases. A passphrase is a series of words stuck together to make your 'password'.
Why Passwords are Terrible
Essentially modern computers run fast and can easily brute force guess a password. Here is an example:
Password: Tr0ub4dor&3
This password appears to be good. It meets all the traditional requirements, a capital letter, a number, and even has a special character.
Between capitalization, number and symbol substitutions this password has about 28 bits of information entropy. Information entropy is the average level of uncertain information.
If we give a computer 1,000 guesses a second, it will take it roughly 3 days to randomly guess the password. That is extremely fast.
It is an easily guessed password that is difficult to remember. So difficult you probably just increment the last number each time it needs to be changed.
Why Passphrases are Better
Passphrase: correcthorsebatterystaple
This is a passphrase. It is a simple phrase made up from random words and stuck together. Much easier to remember! This passphrase has about 44 bits of entropy.
28 bits vs 44 bits does not seem like much, but at 1,000 guesses a second it would take 550 years to guess this password. 3 days vs 550 years, quite a significant difference. Not only is this a much more secure password, but it is also much easier to remember.
Passphrases not Passwords!
Passphrase Dos and Don'ts
DO
- Use 3-5 words randomly picked and stich together
- Add in symbols and numbers (not replacing letters)
- Use unique passphrases for different services
- Use a passphrase manager
DO NOTS
- Use one passphrase for all services
- Use personal information or business information
- Use same passphrase and increment the number
- Use replacement characters or symbols