“Use a strong password.”

You’ve probably heard someone use that phrase by now and you may be wondering what it means. Well, it doesn’t mean that your password needs to be able to lift heavy weights or perform other feats of strength. What we really mean by “strong” is a password that meets certain characteristics. A strong password is one that has sufficient length combined with high entropy. Say what? That’s right. Entropy is probably not a word that you use very often, but when it comes to a good password, it’s key. Entropy is “the lack of order or predictability”. So a password with high entropy would be a collection of very random characters. That’s why many password policies require a minimum length along with upper and lower case letters, numbers, and special characters. The policy is forcing you to use a higher level of entropy in your password. The password “abc123” is a “weak” password because the collection of characters is very orderly and easy to predict: 3 comes after 2, c comes after b, and so on. The higher the level of entropy in a password, the harder it is to guess and crack using automated password-cracking tools.

But passwords with high entropy are hard to remember!  Yes, they are, and that’s a good measure of whether your password is strong.  Can you look at it once and remember it several hours later?  If not, it’s probably because it has a higher entropy than you’re used to.  Our brains are wired to recognize patterns and things that are familiar to us.  This is why we gravitate towards lower entropy passwords.

Use a passphrase instead.
Passphrases are passwords that are much longer than the standard 8- or 12-character password but use a sentence structure with several words and spaces. Passphrases are easier to remember and more recognizable to our brain, but they also have a much higher level of entropy because of their length and the positioning of spaces in the phrase itself. For example, a password could be the phrase “the black f0x Jumps 0ver the M00n!” This passphrase would meet the majority of complexity requirements but is also easy to remember once you use it a few times. In addition, the randomness of the words used and the spaces included in the phrase mean that the odds of someone being able to predict the passphrase are extremely low. We have greatly increased the entropy of our password while at the same time making it easier to remember. Yes, it’s a longer password to type, but you will find it only takes about a second longer to type than a traditional password.
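To put numbers on the length-times-alphabet argument above, here is a small estimator added for this article (it is not code from the original post). It assumes the five character classes a typical policy distinguishes and reports the naive entropy bound, which is an upper bound: it treats every character as uniformly random, so it still overstates the strength of dictionary words and ordered runs like “abc123”, which the run check flags separately.

```python
import math
import string

# Character classes a typical password policy distinguishes (an assumption
# of this example, not a standard).
CLASSES = [
    ("lower", set(string.ascii_lowercase)),   # 26
    ("upper", set(string.ascii_uppercase)),   # 26
    ("digit", set(string.digits)),            # 10
    ("space", {" "}),                         # 1
    ("symbol", set(string.punctuation)),      # 32
]


def charset_size(password: str) -> int:
    """Size of the smallest policy alphabet covering every character used."""
    return sum(len(chars) for _, chars in CLASSES
               if any(c in chars for c in password))


def naive_entropy_bits(password: str) -> float:
    """Upper bound: log2(alphabet ** length), i.e. every character drawn
    uniformly from the alphabet. Real passwords are usually worse."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def longest_ordered_run(password: str) -> int:
    """Longest run of consecutive code points ('abc', '123'): the kind of
    order that makes 'abc123' predictable despite mixing letters and digits."""
    best = run = 1
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if ord(cur) == ord(prev) + 1 else 1
        best = max(best, run)
    return best if password else 0


def report(password: str) -> dict:
    """Summary a reviewer can compare across candidate passwords."""
    return {
        "length": len(password),
        "alphabet": charset_size(password),
        "bits_upper_bound": round(naive_entropy_bits(password), 1),
        "longest_ordered_run": longest_ordered_run(password),
    }


if __name__ == "__main__":
    for pw in ("abc123", "the black f0x Jumps 0ver the M00n!"):
        print(repr(pw), report(pw))
```

For “abc123” the bound is about 31 bits with an ordered run of 3, while the passphrase from the article comes out at roughly 223 bits with no run longer than 1.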