Passwords are a real problem, aren’t they? You’re supposed to come up with something memorable, so you think of a word that means something to you. But you’re not supposed to do that, because someone might guess it, and password-cracking programs will try all the real words first anyway.
So you change a few letters around and turn the O’s into 0’s or the i’s into 1’s. But that doesn’t work, because you can’t remember which ones you switched for which, and password programs can figure those out too.
So you go for a load of random letters and numbers… which you can’t remember, so you write it down somewhere. Which is about as safe as hanging the key to your house on a nail by the front door in case you forget it.
xkcd sums the problem up nicely. You end up creating passwords which are hard to remember, and easy to crack, which is precisely the opposite of what you really want. You want something easy to remember, but hard to guess.
So here’s how you do it. There are just two rules:
- The longer your password, the harder it is to crack. A password consisting of 4 simple words, totaling 20 letters, is FAR harder to crack than a password containing 12 random characters. So yes, MoonVodkaCarrotBeach is a much better password than fR56$swp&J! – really! And it’s far easier to remember.
- Feel free to mess around with capitalization or spacers, as long as you can remember the variant you used. You could use moonVODKAcarrotBEACH or Moon-Vodka-Carrot-Beach or even MOONVODKA_carrotbeach.
And if that’s not easy enough, try this real simple password generator, based on xkcd’s idea. You can tell it how long you need your password to be, give it a few options, and keep going until you come up with a password you can remember.
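As an added illustration (not the generator linked above, and not the post's own code), here is a minimal passphrase generator in the same spirit: it draws words with the operating system's CSPRNG, applies the capitalisation and separator variants the post suggests, and reports how many bits of guessing-resistance come from the word count and the word-list size. The 16-word list is a constructed stand-in; a real generator would load a list of a few thousand common words, and the strength figure scales with that size.

```python
import math
import secrets

# Constructed sample word list (assumption). Strength depends on the list size,
# so a real tool would use a dictionary of a few thousand common words.
WORDS = ["moon", "vodka", "carrot", "beach", "river", "apple", "stone",
         "cloud", "tiger", "pencil", "garden", "window", "silver", "honey",
         "maple", "rocket"]


def entropy_bits(word_count, list_size):
    """Bits of entropy for word_count words drawn uniformly from list_size words.

    Each word adds log2(list_size) bits, so length (more words) is what buys
    strength. Capitalisation and separators add nothing here because the user
    picks them for memorability rather than at random.
    """
    return word_count * math.log2(list_size)


def format_words(words, style="plain"):
    """Render the chosen words in one of the memorable variants from the post."""
    if style == "plain":        # MoonVodkaCarrotBeach
        return "".join(w.capitalize() for w in words)
    if style == "alternate":    # moonVODKAcarrotBEACH
        return "".join(w.upper() if i % 2 else w.lower() for i, w in enumerate(words))
    if style == "hyphen":       # Moon-Vodka-Carrot-Beach
        return "-".join(w.capitalize() for w in words)
    raise ValueError(f"unknown style {style!r}")


def generate_passphrase(word_count=4, style="plain", wordlist=WORDS):
    """Pick words with secrets (CSPRNG), never random.random(), so the
    passphrase really carries entropy_bits(word_count, len(wordlist)) bits.
    Returns (passphrase, bits)."""
    chosen = [secrets.choice(wordlist) for _ in range(word_count)]
    return format_words(chosen, style), entropy_bits(word_count, len(wordlist))


if __name__ == "__main__":
    phrase, bits = generate_passphrase(4, "hyphen")
    print(f"{phrase}  (~{bits:.1f} bits from a {len(WORDS)}-word list)")
    # xkcd's figure: four words from a list of about 2048 common words.
    print(f"4 words from 2048: {entropy_bits(4, 2048):.0f} bits")
```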