With the enormous number of passwords we require in our day-to-day lives, it’s no wonder that people reuse them across multiple sites, or use the minimum complexity they can get away with. How does anyone store that many complex passwords in their head all at once?
A good password is hard to guess but easy to remember. It has uppercase letters and lowercase letters, numbers, special characters, and it is long. It doesn’t include any personal information.
This scares a lot of people, but it doesn’t have to look like this:
On the other hand, it shouldn’t look like this:
Instead, there is another method of creating a good password, called a passphrase. It has uppercase letters and lowercase letters, numbers, special characters, and it is long.
It looks something like this:
The phone sits next to 3 keys. It is on the desk!
Not all password fields will allow spaces; you can work around this by using a different character in place of each space.
For example, if I replace the space with the letter z:
A passphrase gains complexity with each element that is included in it, but it remains easy for a human brain to recall. It’s also easier to input without errors than the original complex password shown.
But the program says my password is too long!
Sentences are wonderful things. They vary in length. If the program or website that you’re constructing a password for doesn’t allow a lengthy password, choose a shorter one. Shorter sentences can be memorable, while still having complexity. It’s preferable to aim for the upper margins of what’s allowed, rather than the lower margins. If the program allows for a password of 4-14 characters, choose 14 characters rather than 4, such as in this example:
So why can’t I use this great password everywhere?
It’s important to avoid reusing passwords. Not every organisation will store your password safely, and if you’ve reused a password and one site gets breached, the other sites where you use it can be affected as well.
Are there bad passphrases?
Not all passphrases are good to use as passwords. Book or song titles, song lyrics, or commonly known quotes may be present in password dictionaries. However, creating a unique sentence about the things around you will ensure that you’re not treading the same territory that hackers have already covered.
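The checks described above (the site's length limit, the four character types, swapping spaces for another character, and avoiding well-known phrases) can be put into a short Python script. This is an added example, not part of the original article; the function names, the two-entry phrase list and the 14-character sentence are constructed for illustration.

```python
import string

# Constructed stand-in for a password dictionary of well-known phrases
# (song titles, quotes); real cracking lists are far larger.
KNOWN_PHRASES = ["To be or not to be", "May the Force be with you"]


def normalise(text):
    """Keep only lower-cased letters and digits, so capitals, punctuation
    and separators cannot disguise a well-known phrase."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def check_passphrase(sentence, min_len=4, max_len=None,
                     allow_spaces=True, separator="z"):
    """Return (password, problems) for a candidate sentence.

    The parameters model a site's rules (hypothetical names): its length
    limits and whether the password field accepts spaces.
    """
    # Swap spaces for another character when the field rejects them.
    password = sentence if allow_spaces else sentence.replace(" ", separator)
    problems = []
    if len(password) < min_len:
        problems.append(f"too short by {min_len - len(password)}")
    if max_len is not None and len(password) > max_len:
        problems.append(f"too long by {len(password) - max_len}")
    # The four character types the article asks for.
    present = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    problems += [f"no {kind}" for kind, ok in present.items() if not ok]
    # Compare the sentence as typed, before separators are inserted.
    core = normalise(sentence)
    if any(normalise(phrase) in core for phrase in KNOWN_PHRASES):
        problems.append("contains a well-known phrase")
    return password, problems


if __name__ == "__main__":
    article = "The phone sits next to 3 keys. It is on the desk!"
    print(check_passphrase(article, allow_spaces=False))
    print(check_passphrase(article, max_len=14))        # too long for this site
    print(check_passphrase("My 3 keys sit!", max_len=14))  # constructed, 14 chars
    print(check_passphrase("May the Force be with you",
                           allow_spaces=False, separator="-"))
```

An empty problem list means the sentence meets every rule checked here; it does not show that the sentence is absent from a real password dictionary.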
Meanwhile, you can check if your account has been breached by searching at https://haveibeenpwned.com/. This handy service will allow you to see what the breach was, when your account was breached, whether your details were pasted anywhere, and the source of the breach.