Passwords are annoying but necessary, although sometimes the annoying part of the equation seems to outweigh the necessary part. The average person has 27 different online accounts, but it’s unlikely that the average person really wants to remember 27 different passwords. We can’t help you get rid of some of those accounts, but we can offer a few suggestions on making better passwords.
What Counts as Simple But Effective?
A password that is simple but effective is one that is easy to remember but hard for another person or a computer to crack. And given how many accounts you’re logging into, being easy to remember should not be an afterthought. It’s just as important as making a password that’s difficult to crack.
Here’s Our Simple But Effective Trick
Use a whole phrase that is easy to remember as a password. Ideally, you want an inside joke.
An example: years ago, a friend of ours named Susan was hosting an impromptu neighbourhood party and asked her young children and friends if they wanted grilled cheese sandwiches for lunch. One of them piped up and said, “Why aren’t there any boy cheese sandwiches?” The adults chuckled about it and it turned into a bit of a neighbourhood inside joke. For years, Susan used ‘boycheesesandwich’ as a password (she stopped before sharing the anecdote and giving us permission to use it). That’s an effective password because it’s something she easily remembers, isn’t obvious to a person guessing at passwords, and is hard for a computer to crack because it’s 17 characters long.
What Doesn’t Work
Lots of people recommend that you include upper and lower case letters along with numbers and symbols. That philosophy gets you a password like this: iN3rt@. It also gets you a password that’s hard to remember and, more to the point, a password that isn’t very good.
Why? A lot of people imagine a hacker sitting there and guessing password after password, but that mostly doesn’t happen. A hacker who can guess your password usually knows something about you, like where you went to university or the name of your dog. A more professional operation won’t rely on humans guessing passwords, though. Hackers have computer programs that make thousands of guesses per second, and even though ‘iN3rt@’ might be hard for a person to guess, it isn’t hard for a computer to guess. The password ‘iN3rt@’ isn’t so different from the password ‘inertia’, from a computer’s perspective, because it’s still just six characters. To a computer making a thousand guesses per second in an attempt to break into an account, it doesn’t matter that some of those characters are atypical.
If you need to use a number in your password, it’s best to only use a number as part of an easy to remember phrase. For example, the phrase ‘penny for your thoughts’ can become ‘penny4yourthoughts’. It’s easy to remember and still involves a number.
What Shouldn’t Ever Be a Part of Your Password
In the future, it’s going to seem quaint that your mother’s maiden name was considered a useful question to ask people in order to verify their identity. In the age of easily searchable online records, that information is very easy to find. Don’t make something like that your password. And skip stuff like this: names of your pets, school, university, city, street, and pretty much any other noun that could be linked to you with a bit of research. Also, when coming up with four-digit PINs, avoid using easy-to-remember years. Why? Because lots of people do this and the strength of a PIN is diminished when a hacker knows that the first two digits are 19.
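The comparison made under “What Doesn’t Work” and the PIN point above can be put into numbers. This is an added example, not part of the original article: it assumes a guesser that tries every string of the password’s exact length over the character classes the password uses (guessing based on dictionaries or common phrases is not modelled), and the function names are hypothetical.

```python
import string

GUESSES_PER_SECOND = 1000            # rate quoted in the article
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes an exhaustive guesser would have to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest alphabet (union of classes) covering the password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(password):
    """Candidates of exactly this length over that alphabet."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return search_space(password) / (rate * SECONDS_PER_YEAR)


def pin_candidates(length=4, known_prefix=""):
    """PINs left to try once a prefix such as '19' is assumed."""
    return 10 ** (length - len(known_prefix))


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the article.
    for pw in ("inertia", "iN3rt@", "boycheesesandwich", "penny4yourthoughts"):
        print(f"{pw:20} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.2e} years={years_to_exhaust(pw):.2e}")
    print("4-digit PINs:", pin_candidates(), "| starting with 19:",
          pin_candidates(known_prefix="19"))
```

Adding symbols raises the base of the exponent, while adding characters raises the exponent itself, which is why the 17-character lowercase phrase ends up with a far larger search space than the six-character mixed password.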