Simpler Stronger Passwords

The complexity of passwords is indeed something that has recently flipped into the realm of impossibility for us humans. In order to get any kind of decent cracking-resistant password these days you’re probably looking at having a password of at least 15 characters, making heavy use of uppercase, lowercase, symbols, etc. Very few people will be willing to commit that to memory, and if they do, they’ll be even less likely to change it on a regular basis.

The XKCD comic below shows that point pretty simply. It’s not actually that bad to use dictionary words, as long as they’re unrelated and you chain many of them together. The reason this works is because instead of picking from a character set of 26 letters, 10 digits and 20 symbols (total=56), you’re now selecting from a character set that is as large as the dictionary (~150,000 words).  If you select four words of about 5 characters or more, the potential keyspace an attacker has to guess will be enormous – especially if you throw in a few symbols for good measure ;)