Unfortunately, people nowadays think that you need to have all kinds of weird symbols and numbers in your password to make it secure. This isn’t the case! Despite the many websites that require you to have symbols and numbers, it’s often more secure to have an all lowercase password, as long as it is 16 characters or more.
This is the case for three (3) reasons:
- Complex passwords with numbers or symbols are harder to remember and harder to type
- Since they’re harder to remember, people tend to reuse them, making them more vulnerable to data breaches
- A password’s strength grows exponentially the longer it is
A longer, simpler password of all lowercase letters is easier to type, easier to remember, and more secure than a shorter more complex password. Use the sentence trick to come up with super secure passwords you can actually remember.
The Sentence Trick
- Start by coming up with a long and memorable sentence that is personal to you. For example, I really love Paul McCartney and The Beatles!
- Take the first and second letter of every word and combine them to create a password. The example above would result in something like irelopamcanthbea
- Optionally, add a few uppercase letters or a symbol to make it even stronger. Example above could be: Irelopamcanthebea!
Do not use this example, come up with a sentence of your own!
The sentence can be anything from a list of items at your desk, to your grandchildren’s names, to a favorite lyric or quote. Though I recommend that you don’t use something well known like “Mary had a little lamb who’s fleece was white as snow”. That could be easily guessed by a hacker.
Example Sentences
- Rochester’s favorite food is garbage plates could become Rocfavfooisgarpl. You can use more than just the first and second letter.
- Locke is a security company named after John Locke could become loisaseconafjolo. Very easy to type quickly!
- Photo of my granddaughter named Jenny on the swings could become phofmygrnajeonthsw. Take inspiration from items around you.
Practice Typing Your Password
Now that you have a good strong password, the last thing you need to do to is practice typing it. Do not overlook this step! Locke is a password manager that will generate and remember passwords for you so that you only need to remember a single master password. But that means that it’s critical that you actually remember it!
By simply reciting the sentence in your head a few times as you type your password, your brain will move the sentence from short term memory into long term memory and you’ll never forget it. When you register for a Locke account we have you type your password 3 times before using it for this exact reason.
How Password Strength Is Calculated
A password’s strength is calculated by how many tries it would take for a hacker to guess it (often referred to as entropy). The math is pretty simple! All you need to do to calculate the strength of a password is take the number of characters in the alphabet being used, and raise it to the power equal to the number of letters in the password.
For example if your password is irelopamcanthbea, the number of characters in the alphabet is 26 since the password only has lowercase letters. The length of this example password is 16 characters.
That means the number of guesses it would take to crack that password is 2616. That equals 43,608,743 with 22 zeroes afterwards. It would take the average hacker more than 2 million years to guess that [1]. Even using the most powerful computers available, the NSA would need about 138 years to guess it. That’s pretty secure!
This is important because when you deal with exponents, increasing the exponent is going to make the resulting number much bigger than increasing the base number would. For instance, if you include uppercase, numbers, and symbols in your password then the alphabet would contain about 72 characters. If your complex password is 10 characters long then the password entropy is 7210. That is much smaller than 2616!
The logic for including symbols and numbers in a password is to increase the size of the alphabet. To be clear, this will make your password stronger. HOWEVER it also makes it harder to remember, harder to type, and encourages you to reuse it across websites. Never a good idea!
It’s more important to have a long password that you can remember and type efficiently.
Conclusion
A longer password is usually more secure than a shorter password, even if the shorter password has weird symbols and numbers and the longer one doesn’t. Focus on length, not complexity.
Make a strong and memorable password by combining the first few letters of each word in a memorable sentence. Then recite the sentence in your head as you type the password and you will never forget it.
Another great alternative to the sentence trick is to create a passphrase by combining entire words using diceware.
[1]: HelmedHorror on Reddit with a beautiful and accurate chart