Say N0 2 S1Lly P4$$words

It might be worth reconsidering the password policy of your organisation. If you want a strong password try combining four common words as this XKCD comic suggests.

correct horse battery staple
<img src="https://imgs.xkcd.com/comics/password_strength.png"/>

According to the author of one of the world’s most sophisticated password hacking tools, it is best to think of password strength in terms of guesses per dollar. What does this mean? Roughly: how much money an attacker has to spend on guesses before the password falls.

4 words

“correct horse battery staple” - would cost half a million dollars to crack.

5 words

“quire piazza known soon thrips” - about 2 billion dollars

6 words

“incident sidewall serif gradate agonize humor” - about 8 trillion dollars

7 words

“winsome amoral flagpole fee ivan sadly lawgiver” - the GDP of the world for 60’000 years.

12 words

Many bitcoin wallet passwords use 12 words. There’s literally not enough energy in the universe to crack them, even with a quantum computer.

Summary

The great thing about using random dictionary words is that they’re easy to remember because we can construct stories around them. Four common words is probably a good starting point for a password policy. Isn’t that easier than r3Me8er1ng something more complicat3d?

One last piece of advice: use a random password generator and keep your passwords in a vault such as 1Password. Humans are terrible at picking random words and numbers. As shown in the image below, if you ask people to pick a random number between 1 and 20, 20% will pick the number 17! Let the computer randomly pick the words then construct a story about them so you can memorise them. I bet you can remember the “correct horse seeing the battery with a staple in it” already.

<img src="http://scienceblogs.com/cognitivedaily/wp-content/blogs.dir/262/files/2012/04/i-a03a7810e186eeba8d2dff79d04afcd6-random1.gif"/>
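To make the two points above concrete (let the computer pick the words, and think of strength as guesses per dollar), here is an added example that is not from the original post or the XKCD comic. It draws words with the operating system’s cryptographic random source rather than a human’s intuition, and shows how the attacker’s expected cost grows with each extra word. The word list is a constructed sample; the list size of 7776 (the EFF long list), the 2048-word list that 12-word wallet phrases are drawn from, and the dollars-per-guess figure are assumptions of the example, not figures from the post.

```python
import math
import secrets

# Constructed sample word list for the demo. What matters for strength is
# the size of the list the generator draws from, not the words themselves.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "quire", "piazza", "known",
    "soon", "thrips", "incident", "sidewall", "serif", "gradate", "agonize",
    "humor", "winsome", "amoral", "flagpole", "fee", "ivan", "sadly", "lawgiver",
]

# Assumed list sizes: EFF long diceware list (7776 words) and the 2048-word
# list used for 12-word wallet recovery phrases.
DICEWARE_LIST_SIZE = 7776
WALLET_LIST_SIZE = 2048

# Assumed attacker cost per guess in dollars (hypothetical placeholder; a real
# figure depends on the hash function, hardware and electricity price).
ASSUMED_USD_PER_GUESS = 1e-10


def generate_passphrase(n_words, wordlist=SAMPLE_WORDS):
    """Pick n_words uniformly at random using secrets (the OS CSPRNG), never
    random.choice or a human. Words are drawn with replacement so the
    entropy calculation below is exact."""
    if n_words < 1:
        raise ValueError("need at least one word")
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(n_words, wordlist_size):
    """Entropy of n_words drawn independently from a list of wordlist_size."""
    return n_words * math.log2(wordlist_size)


def expected_guesses(n_words, wordlist_size):
    """An attacker who knows the scheme needs, on average, half the keyspace."""
    return wordlist_size ** n_words / 2


def expected_cost_usd(n_words, wordlist_size, usd_per_guess=ASSUMED_USD_PER_GUESS):
    """Guesses-per-dollar framing: expected guesses times cost per guess."""
    return expected_guesses(n_words, wordlist_size) * usd_per_guess


def scaling_table(wordlist_size, counts=(4, 5, 6, 7, 12),
                  usd_per_guess=ASSUMED_USD_PER_GUESS):
    """Return one row per word count showing how entropy and attacker cost
    grow. Each extra word multiplies the cost by wordlist_size."""
    return [
        {
            "words": n,
            "bits": round(entropy_bits(n, wordlist_size), 1),
            "expected_cost_usd": expected_cost_usd(n, wordlist_size, usd_per_guess),
        }
        for n in counts
    ]


if __name__ == "__main__":
    print("generated:", generate_passphrase(4))
    for row in scaling_table(DICEWARE_LIST_SIZE):
        print(f"{row['words']:2d} words  {row['bits']:6.1f} bits  "
              f"~${row['expected_cost_usd']:.3g}")
    print("12 wallet words:",
          f"{entropy_bits(12, WALLET_LIST_SIZE):.0f} bits")
```

Run it a few times and note that every passphrase differs and none of them repeats the comic’s phrase; the cost column is only as trustworthy as the assumed dollars-per-guess, but the ratio between rows (a factor of the list size per added word) holds regardless of that number.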

P.S. Don’t use “correct horse battery staple” as your password :)

