Waldo Jaquith (JAKE-with) is an open government technologist who lives near Charlottesville, VA, USA. more »
View more posts
6 replies on “My passwords are not so hot.”
My first thought was, “What if its a phishing site?” but then I even if it was, how much could they really do with just a password.
Don’t feel too bad.
I tried this combo as a tester password:
xptdzdq1133h42184ststljhfrqdmsndvrjq
It was rated “mediocre”.
I thought it was broken, too — until I tested one of my passwords.
Only 8 characters, all standard for US keyboards, but I got a score of “strong” (39). :-)
It’s looking for at least eight characters, at least two non-alphanumeric characters, at least two numbers, and at least one uppercase letter. When mixed case and non-alphanumeric characters come into play, it gets way harder to launch an attack with rainbow tables. Given that, here are a few passwords that qualify as strong:
!@dle42D
#b1@rGh%
Me@hgd2!
Sure, the computer thinks it’s strong, but how are you supposed to remember $flkj&K45F? It’s not exactly secure if I have to write it down and leave it next to my office computer.
I think it’s pretty doable, as long as you use either mneumonics or goofy spelling equivalents. A ! can be an L or an i, a # can be an H, a @ can be an A, a + can be a T, etc. For instance:
The First Day Of The Week Is Sunday
TFDOTWIAS
+fd0+T!@S
Or, an example of the latter:
Moonflower
Mo0nf!0w3R
That said, passphrases are all together more secure. Better to have an entire sentence (“The first day of the week is Sunday”), which requires no crazy numbers or weird keyboard characters. And, as you rightly point out, they’re easier to remember.
My first thought was, “What if its a phishing site?” but then I even if it was, how much could they really do with just a password.
Don’t feel too bad.
I tried this combo as a tester password:
It was rated “mediocre”.
I thought it was broken, too — until I tested one of my passwords.
Only 8 characters, all standard for US keyboards, but I got a score of “strong” (39). :-)
It’s looking for at least eight characters, at least two non-alphanumeric characters, at least two numbers, and at least one uppercase letter. When mixed case and non-alphanumeric characters come into play, it gets way harder to launch an attack with rainbow tables. Given that, here are a few passwords that qualify as strong:
!@dle42D
#b1@rGh%
Me@hgd2!
Sure, the computer thinks it’s strong, but how are you supposed to remember $flkj&K45F? It’s not exactly secure if I have to write it down and leave it next to my office computer.
I think it’s pretty doable, as long as you use either mneumonics or goofy spelling equivalents. A ! can be an L or an i, a # can be an H, a @ can be an A, a + can be a T, etc. For instance:
The First Day Of The Week Is Sunday
TFDOTWIAS
+fd0+T!@S
Or, an example of the latter:
Moonflower
Mo0nf!0w3R
That said, passphrases are all together more secure. Better to have an entire sentence (“The first day of the week is Sunday”), which requires no crazy numbers or weird keyboard characters. And, as you rightly point out, they’re easier to remember.