Would you allow your house key to be a shape anyone could replicate? Most passwords are that shape. They aren’t an uneven surface made up of lower and upper case letters, numbers and symbols. They are a completely flat run of generic words, chosen because they are easier for you to remember.
Contrary to popular belief, you can have a secure password with little effort on your part. There are even password generators online! However, these aren’t recommended unless you plan to write down your passwords in a secure location or use a password manager. They are designed to produce passwords that are as complex as possible, and there is no point having a password so unreasonably complicated that you forget it and have to fill out the ‘forgot your password’ form every time you attempt to log in. Here at Optimal Tools, we have been exploring password methods that are secure but will not require a photographic memory to use.
The higher the character count the better
A longer password will always be stronger than a shorter one. For example, a short password such as ‘hellomy’ can be theoretically hacked in 2 seconds, whereas a longer password such as ‘hellomynameis’ would take 19 years.
Your password needs to have random words in it that do not relate to each other
Hackers will attempt to crack a password by throwing commonly used phrases and dictionary words at it. You could have a mix of words such as ‘carplantdogmoney’, which would give you a nice character count and is still possible to remember.
Use a variety of upper and lower case, symbols and numbers
Once you bring in all these different types of characters, it seems like your password could already be too complicated to remember. Let’s say you’ve decided on ‘carplantdogmoney’ as your long password. You could add a capital letter anywhere in there, for example ‘Carplantdogmoney’. Then add a symbol and a number (make sure it is not your birth year) to get ‘Carplantdogmoney9!’.
If we put ‘Carplantdogmoney9!’ into https://howsecureismypassword.net/, the site estimates it would take 71 quadrillion years to crack that password. If that password is a bit too complex, you can remove a random word and double-check it’s still secure. I removed ‘money’ to make it ‘Carplantdog9!’ and it would still take 26 million years to crack.
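The Python example below is added here (it is not from the original article and is not the estimator site's own code). It computes a character-by-character brute-force estimate for the passwords above and compares it with an estimate for an attacker who guesses whole dictionary words, as described earlier. The guessing speed of 4 billion per second, the 15-symbol pool and the 10,000-word list are assumptions; the first two were chosen because they give figures close to the ones quoted above.

```python
import string

GUESSES_PER_SECOND = 4_000_000_000   # assumed attacker speed
SECONDS_PER_YEAR = 365.25 * 24 * 3600
WORDLIST_SIZE = 10_000               # assumed size of a common-word list
SYMBOL_POOL = 15                     # assumed number of symbols tried

def pool_size(password):
    """Add up the character classes the password draws on."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += SYMBOL_POOL
    return size

def brute_force_years(password):
    """Years to try every string of this length over the character pool."""
    guesses = pool_size(password) ** len(password)
    return guesses / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def word_guess_years(word_count, capitalised=False, digit=False, symbol=False):
    """Years to try every combination of whole words plus the extras."""
    guesses = WORDLIST_SIZE ** word_count
    if capitalised:
        guesses *= 2                 # first letter upper or lower case
    if digit:
        guesses *= 10                # one trailing digit
    if symbol:
        guesses *= SYMBOL_POOL       # one trailing symbol
    return guesses / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def compare():
    """Estimates for the article's passwords under both models."""
    return {
        "hellomynameis (by character)": brute_force_years("hellomynameis"),
        "Carplantdog9! (by character)": brute_force_years("Carplantdog9!"),
        "Carplantdog9! (by word)": word_guess_years(3, True, True, True),
        "Carplantdogmoney9! (by character)": brute_force_years("Carplantdogmoney9!"),
        "Carplantdogmoney9! (by word)": word_guess_years(4, True, True, True),
    }

if __name__ == "__main__":
    for label, years in compare().items():
        print(f"{label:36s} {years:.3g} years")
```

Under these assumptions the by-word figure is far lower than the by-character figure for the same password, and each extra unrelated word multiplies the by-word figure by the size of the word list.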
We also recommend that you use different passwords for different sites and services. Using the same password across the board is a massive security risk; if a website you are registered on is compromised and your password is exposed, the attacker will have access to every service you use. If you followed the password format we’ve used here, you could add in a random word for each website you use. If you use Dropbox, you could change the first random word to ‘drop’ and the last to ‘box’, which would make it ‘Dropplantbox9!’.