The Perfect Password

Easy to remember, difficult to guess

Websites will often recommend that you create passwords that look something like this: b9fQWa!1d. Passwords like that are incredibly difficult to remember, especially considering the fact that you should never, ever reuse the same password across different services. Good luck remembering dozens of passwords like those. You can save the password in your browser, but that’s not going to help you when you need to sign into your e-mail from another device.

In this piece of text, I’d like to introduce a way to build passwords that are easy to remember yet difficult for computers to crack and humans to guess.

Like this: thepeopleofvästeråsare90%sexy

What a marvel, no? Here’s why this is the perfect password:

  • It’s a phrase, easy to remember.
  • The phrase is something I made up, not a common phrase.
  • It contains complex characters that are naturally embedded into the phrase.
  • It’s long, like that Weird Al song about a drive-through.
  • It includes a foreign word, which protects it from dictionary attacks.

Let’s talk about it.

Building strong passwords with phrases

I would argue that the best way to create passwords is with phrases. You can create passwords that are incredibly difficult for computers to brute-force and for humans to guess. A password like thisismyfacebookpasswordanditssosimpleyetyoucouldneverguessitgoodluckthough looks stupid, but neither human nor machine would be able to guess it.

It’s all lowercase; no numbers, no special characters. This might go against what you’ve been taught about password security, but the reality is that a piece of software that tries to brute-force your password by guessing every combination possible will take years upon years to crack a password of this length. Length beats complexity.


A major issue this password might face, though, is dictionary attacks: an attacker that doesn’t guess character by character but word by word. We can combat this flaw with several easy-to-implement improvements. We can build our phrases with special characters, and if we understand some words in a foreign language, we could add those to our phrase.

Like so: thisismyfacebookpasswordanditssosimpleyetyoucouldaldrig(!)guessitgoodluckthoughmiamore.

Aldrig is Swedish for never. I added (!) after the word, which makes sense to me since never is a strong word, and an exclamation mark can emphasize strong words. I also threw in the Italian phrase mi amore for good measure. It means “my love.”

This password is easy to remember yet extremely challenging for any human or machine to break.
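To make the “length beats complexity” and dictionary-attack points above concrete, here is an added estimator (written for this page, not code from the original post). It models two attackers: one guessing character by character over the alphabet the password uses, and one guessing word by word from a wordlist, where anything that is not a dictionary word (the Swedish aldrig, the (!) and the Italian miamore) falls back to per-character cost. The vocabulary, the assumed wordlist size of 10,000 and the assumed guess rate of 10^10 per second are constructed assumptions for illustration; a real cracking wordlist is larger and real attackers also use phrase patterns, so treat the numbers as a comparison, not a guarantee.

```python
import math
import re

# Constructed toy vocabulary: the English words used in the article's own example
# phrases. It stands in for an attacker's wordlist; VOCAB_SIZE is the assumed size
# of the real list (the N most common words) that the estimate charges per word.
VOCAB = {
    "this", "is", "my", "facebook", "password", "and", "its", "so", "simple",
    "yet", "you", "could", "never", "guess", "it", "good", "luck", "though",
    "the", "people", "of", "are", "sexy",
}
VOCAB_SIZE = 10_000                       # assumption: 10k-word attacker list
MAX_WORD = max(len(w) for w in VOCAB)


def charset_size(pw: str) -> int:
    """Alphabet a character-by-character attacker must search, in the usual
    lower/upper/digit/symbol buckets (non-ASCII letters such as ä land in 'symbol')."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33                        # printable ASCII punctuation
    return size


def brute_force_bits(pw: str) -> float:
    """Bits of work for an attacker who tries every character combination."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def segment(pw: str) -> list:
    """Greedy longest-match split into (chunk, is_dictionary_word) pieces.
    Characters that match no word are merged into 'unknown' runs."""
    pieces, i = [], 0
    while i < len(pw):
        for n in range(min(MAX_WORD, len(pw) - i), 0, -1):
            if pw[i:i + n] in VOCAB:
                pieces.append((pw[i:i + n], True))
                i += n
                break
        else:
            if pieces and not pieces[-1][1]:
                pieces[-1] = (pieces[-1][0] + pw[i], False)
            else:
                pieces.append((pw[i], False))
            i += 1
    return pieces


def dictionary_attack_bits(pw: str) -> float:
    """Bits of work for a word-by-word attacker: each dictionary word costs
    log2(VOCAB_SIZE); anything outside the wordlist costs per-character bits."""
    if not pw:
        return 0.0
    pieces = segment(pw)
    words = sum(1 for _, known in pieces if known)
    unknown = sum(len(chunk) for chunk, known in pieces if not known)
    return words * math.log2(VOCAB_SIZE) + unknown * math.log2(charset_size(pw))


def years_to_crack(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to search half the keyspace at an assumed offline guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


def summarize(pw: str) -> dict:
    b, d = brute_force_bits(pw), dictionary_attack_bits(pw)
    return {"length": len(pw), "brute_force_bits": round(b, 1),
            "dictionary_bits": round(d, 1), "years_vs_dictionary": years_to_crack(d)}


if __name__ == "__main__":
    for pw in ("b9fQWa!1d",
               "thisismyfacebookpasswordanditssosimpleyetyoucouldneverguessitgoodluckthough",
               "thisismyfacebookpasswordanditssosimpleyetyoucouldaldrig(!)guessitgoodluckthoughmiamore",
               "thepeopleofvästeråsare90%sexy"):
        print(pw, summarize(pw))
```

Under these assumptions the nine-character b9fQWa!1d sits near 59 bits and is exhausted in about a year at the assumed rate, while the all-lowercase Facebook phrase drops from roughly 352 character-level bits to roughly 239 bits against the word-level attacker and is still far out of reach; the foreign words and the (!) push the word-level estimate back up because those runs are not in any wordlist the model knows.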

My perfect password

Let’s examine this password: thepeopleofvästeråsare90%sexy. It’s both complex and long, yet it’s very easy to remember. Västerås is the name of a (real) city in Sweden, and it’s pronounced almost the same way as the fictional continent Westeros from Game of Thrones.

Some services force users to add a number and a special character to their passwords. What often ends up happening is that the user creates something awful like this: Password1!. It fulfills the criteria set by the platform, but it’s terrible. In my ideal password, numbers and special characters are seamlessly added to the phrase, rather than being an oddball added at the end.


Again, foreign words are great. Now, an attacker doesn’t only need to try every word in the English dictionary (naturally ordered by frequency, not alphabetically), but also every dictionary of every language in the world. It doesn’t have to be a complex word either.

More perfect passwords

You should never reuse a password. Now, this is where the struggle with remembering begins. If it helps, you can tailor the phrases to the service you’re using, as I did with the Facebook password above.

ihatetwitteraberistilluseitdon’t@me (I hate Twitter, aber (German: but) I still use it don’t @ me).

INSTAGRAMISAMAZING!!!likemyphotosplx (Instagram is amazing! Like my photos, plx (Internet acronym: please)).

Still too much to remember?

All this said and done, maybe you still feel like it’s way too much work to create and remember all these phrases. Sure, this strange Swedish guy you found on the Internet, thanks to some recommendation algorithm, might be crazy about phrases, but they might not be suitable for you.

One of the most secure methods of managing passwords is through password managers. If you’re in a spot where you are using weak passwords or repeatedly reusing the same few passwords, you should definitely consider a password manager. They can generate strong passwords and remember them for you.

You could make the case that the perfect password is one that you don’t have to remember at all, which would be the case with a password manager.

Always enable two-factor authentication

No matter what you do, always enable two-factor authentication (also known as 2FA) whenever possible. 2FA means that you use another factor, a second platform, to sign into a service. For instance, if you’re trying to sign into a website on your laptop, you might be asked to open an app on your phone, generate a one-time code, and enter that code on your laptop.

2FA might seem like a hassle, but it’s a tremendous level of security. Also, authenticator apps (like Google Authenticator) are more secure than using text messages for 2FA. Attackers can use various methods to redirect text messages to their device or intercept ones being sent to yours.

The perfect password

To summarize: my definition of a perfect password is one that’s easy to remember, challenging for a computer to crack, and difficult for a human to guess. Phrases are an excellent method for creating such passwords, but password managers might prove to be a better option for many users. Finally, 2FA adds an essential layer of security that one should always add whenever possible.

Great passwords don’t need to be difficult to remember.
