Most of us probably believe that the more complicated a password, the better and that “complicated” refers to a mix of letters, numerals and symbols. These sequences are reminiscent of how swearing is often portrayed in comics. The obvious drawback with passwords like “Hj8!*Fj3” is that they have no meaning and can be hard to remember.
The other and maybe not so obvious drawback is that such passwords aren’t necessarily very strong. A 5-digit password made up of only lowercase letters is just as strong as a password that includes both lowercase and uppercase letters, numbers and symbols.
Passphrases
The length of a password is more important than its complexity when it comes to strength. Each digit that you add to a password increases its strength many times over. It only takes hackers about an hour to force a 9-digit password combining uppercase and lowercase letters but 3 million years to crack a 15-digit password of the same letters.
That being said, it’s important not to use passpwords that are easy to guess, such as the names of all your children in a row to achieve length.
That brings us back to the original issue - how are we supposed to remember a 15-digit password? By using passphrases instead. “Winter24” is an example of a (very bad) password. “WinterIsUponUsSoon” is an example of a very strong passphrase. In this example, we combine uppercase and lowercase letters in an 18-digit passphrase that it would take hackers 167 billion years to force.
The Golden Rule ...
... is that size really does matter: length is more important than complexity. Long passphrases are easier to remember, more difficult to guess and provide stronger protection against hackers. One last point: While passphrases are stronger than passwords, it’s still not a good idea to use the same passphrase for multiple purposes. If our passphrase is stolen or hacked, we don’t want it to open all our doors simultaneously.
Good luck creating passphrases and stay safe in cyberspace!
