Best Passwords??

I have heard a random sequence of words creates a much more secure password than one word with a capital letter, number, and punctuation. Why do like 90% of websites still demand the latter?

"Caticecrownvanilla" VS "House2!"
 

johnb35

Administrator
Staff member
Cause a mix of capitals, letters, numbers, and special characters would be harder to figure out than a couple words put together.
 

johnb35

Administrator
Staff member
Because words are just letters. When you have a mix of 4 different things, it's harder to figure out. It's common sense.
 

beers

Moderator
Staff member
Depends on perspective. There's a 'correct horse battery staple' password guide that increases theoretical complexity while greatly increasing the length of the passphrase.

The downside of this though is that if you just combine common words, it's easy to mutate password guesses just to stack known words together. If everything is in lower case and has no symbols, there's a limited amount of possibilities. From a symbol perspective you are adding another character set (so do capital letters) so the combinations per each character increase exponentially. I'd combine both styles so you have a long password with an expanded character set that doesn't automatically match stacked dictionary words.

There's a calculator here that will give you a mathematical amount of options for each style, keep in mind that passwords also contain a human element, so what is mathematically a large amount can be narrowed down if you know anything about common habits or those elements about the user specifically.
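An added example, not part of any post in this thread: a small strength estimator that scores a password both ways discussed above, per-character search space versus a guesser who stacks dictionary words and appends digits or symbols, and reports the lower figure. The wordlist, `DICT_SIZE` and the function names are assumptions made for the illustration.

```python
import math
import string

# Constructed sample wordlist. DICT_SIZE is an assumed size for a list of
# common words a guesser would try first (not a figure from the thread).
WORDS = {"cat", "ice", "crown", "vanilla", "house",
         "correct", "horse", "battery", "staple"}
DICT_SIZE = 10_000

def charset_bits(pw):
    """Bits of search space if each character is guessed independently."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in pw):
            pool += len(chars)
    return len(pw) * math.log2(pool) if pool else 0.0

def pattern_bits(pw):
    """Cheapest build of pw from dictionary words plus single digits/symbols.

    Returns math.inf when pw cannot be built that way. Case is ignored,
    so a leading capital is treated as free for the guesser.
    """
    s = pw.lower()
    best = [math.inf] * (len(s) + 1)
    best[0] = 0.0
    for end in range(1, len(s) + 1):
        ch = s[end - 1]
        if ch in string.digits:
            best[end] = best[end - 1] + math.log2(10)
        elif ch in string.punctuation:
            best[end] = best[end - 1] + math.log2(len(string.punctuation))
        for start in range(end):
            if s[start:end] in WORDS:
                best[end] = min(best[end], best[start] + math.log2(DICT_SIZE))
    return best[-1]

def effective_bits(pw):
    """A guesser picks whichever model is cheaper, so take the minimum."""
    return min(charset_bits(pw), pattern_bits(pw))

if __name__ == "__main__":
    for pw in ("Caticecrownvanilla", "House2!", "xq7#Lm2p"):  # constructed samples
        print(f"{pw:20} charset={charset_bits(pw):6.1f}  "
              f"pattern={pattern_bits(pw):6.1f}  effective={effective_bits(pw):6.1f}")
```

The figures depend on the assumed dictionary size and on the words being picked at random; words chosen by habit shrink the real search space further.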
 

Samuel1941

Member
Beers.........

Thank you for the link!!
Wow!! Made a believer out of me!
I'm going to reinforce some of my passwords!!
 
Usually there is a balance between how "safe" a password is considered to be and the willingness of using it!

To be honest, most people try more secure passwords, and when they have been forced to use the "lost password"-feature a couple of times, they resort to their old habits again... Which is shown in the list of the most common passwords!

So in REALITY there must be a balance between the ability to actually remember the password and how "secure" it is..

And since I have been in this trap myself.. I have learnt to use a Swedish method of CREATING MORE SECURE PASSWORDS that at the same time are easier to remember and to type! It's called the WinGuider-Method (from https://www.winguider.se/en/) and it's so simple!

The WinGuider-method is that you make up a sentence of at least 8 words, you then enter the 1st character of each word as a password..

The sentence "My cat Meow has black and white fur" forms the secure password: McMhbawf or McMhb&wf.
This is much safer than using the partner's, children's, pets', etc. names, dates of birth, etc. that too many people use as passwords.

WinGuider-Method is so simple that you can easily teach it to both children and the elderly.. And everyone in between.
I highly recommend it!
You use regular typing rules, and it's easy to find a sentence that contains numbers if that is required!
You decide how long a password you like to use, but the minimum of 8 characters is to be regarded as a true minimum..

As it used to say on t-shirts when I was younger! ** TRY IT, YOU WILL LIKE IT!
You might even teach your kids this... So they learn to be safe in young years... :)

Edit: added the source, since it's required for possible copyright reasons!
 

johnb35

Administrator
Staff member
It's certainly more characters used though. And inserting numbers between the words could add just one dimension to it.
So why do you think banks and credit card companies have changed it so you have to add special characters, caps and numbers to a password? People tend to use the same password for all accounts. That's not a good idea.
 
So why do you think banks and credit card companies have changed it so you have to add special characters, caps and numbers to a password? People tend to use the same password for all accounts. That's not a good idea.
What does that have to do with a string of random words? All my passwords are very different and most browsers remember it for me. Rarely would I need to actually remember it (all written down) and they should be very secure from anyone guessing. And in any event the financial sites have you replace a password at least once a year anyway.
 

johnb35

Administrator
Staff member
And in any event the financial sites have you replace a password at least once a year anyway.
No they don't. I pay all my credit card bills online and they have never requested me to change my password. My bank hasn't even required me to change my password.
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
So in REALITY there must be a balance between the ability to actually remember the password and how "secure" it is..
Why do you need to remember a password? I just have Lastpass generate all my passwords. The only password I need to remember is the one to log into my computer and the master password to log into Lastpass.
 
Why do you need to remember a password? I just have Lastpass generate all my passwords. The only password I need to remember is the one to log into my computer and the master password to log into Lastpass.
Why would you need a separate software to store your used passwords???

Windows does this in the Authentication manager
A great tool to "remember" the passwords you set for online services that you use very seldom!

I know some people have trouble understanding what they read, so to clarify! The question was WHAT PASSWORD IS MORE SECURE! (that seemed to slip your mind!) and lastpass does not make you remember your passwords... nor does it help you to remember your sign in password since it's not available until you have signed in! The winguider-method, as an example, makes your passwords more secure and helps you to remember EVEN your sign in password.. And not everyone is comfortable with storing important passwords on a 3rd party online storage!

Your employer might not approve of you storing your work-passwords on a 3rd party online service either! So there IS a need to create passwords that you create yourself, and REMEMBER yourself!

Please stay ON TOPIC, my face is a literal rump!!

That password testing site doesn't appear encrypted.
Good point!
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Your employer might not approve of you storing your work-passwords on a 3rd party online service either! So there IS a need to create passwords that you create yourself, and REMEMBER yourself!
Again, you're funny. My entire company relies on Lastpass for password management of both internal and client passwords and secure notes.
 