Hate Your Passwords Less [howto]

You have probably run into sites that keep telling you “that password you submitted? Not good enough: you need an upper case letter, a lower case letter, a numeral, AND a special character, it cannot be a dictionary word, nor your username, blah blah blah”.

So after many tries, the only one that actually works is “Pa$$w0rd*”. That turns out to be a terrible password, because computers can guess it in no time at all. A complex password should not mean “hard to remember” (that part only makes it hard for humans); it should mean “hard for computers to guess”.

xkcd (the online comic) suggested a method, which a reader used to create what is now called the “xkcd password generator”.   You can roll your own at http://preshing.com/20110811/xkcd-password-generator/.

It’s YOUR password.   Change the order, or change one of the words, or run it twice and get eight words.   Grab 12 random words from the password generator and use the four or eight that make a phrase you will remember, arranged in the order you like.  The point is YOU should remember it, and because it is random, it is hard for computers to guess.
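The generation step described above, as an added example (not code from the original post or from the linked generator): it draws words with Python's `secrets` module and reports the entropy of the result. `SAMPLE_WORDS` is a constructed 16-word list and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list so the example runs offline. A real list should hold
# a few thousand common words; 2048 words gives 11 bits per word.
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "fiddle", "glacier",
    "harbor", "igloo", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orchard", "pebble",
]


def load_words(raw_words):
    """Lowercase, drop non-alphabetic entries and duplicates.

    Duplicates would bias the draw and make entropy_bits() overstate strength.
    """
    cleaned = sorted({w.strip().lower() for w in raw_words if w.strip().isalpha()})
    if len(cleaned) < 2:
        raise ValueError("need at least two distinct words")
    return cleaned


def generate_passphrase(words, count=4, sep=" "):
    """Draw `count` words independently and uniformly from the OS CSPRNG.

    `secrets` is used instead of `random`, whose output is predictable.
    """
    if count < 1:
        raise ValueError("count must be at least 1")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count):
    """Bits of entropy for `count` independent uniform draws from the list.

    Holds only when the words are kept as drawn; hand-picking favourites from
    a bigger batch lowers it by an amount this function cannot measure.
    """
    return count * math.log2(list_size)


if __name__ == "__main__":
    words = load_words(SAMPLE_WORDS)
    for n in (4, 8):
        print(generate_passphrase(words, n), f"({entropy_bits(len(words), n):.0f} bits)")
    print("with a 2048-word list:", entropy_bits(2048, 4), "bits for four words")
```

The 16-word sample gives only 4 bits per word, so swap in a real word list before using the output as a password.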

Put it in a password manager: pick one and use it.


By the way, xkcd is at https://xkcd.com/, almost as much fun as “don’t shoot the pianist he’s doing the best he can”: http://euge.ca/2014/08/09/introduction/ – this one rings particularly true; I’ve spent plenty of my own hours on it.