Inspired by the xkcd Password Strength comic, this application provides you with ten relatively complex, yet easy to remember passwords. Optionally, you can include numbers or symbols for additional complexity (or to satisfy certain password requirements), and adjust the number of words.
- Using common words in your password aids memorability.
- Using multiple words gives the password enough complexity to resist guessing.
Most people's brains can only hold about seven pieces of information in short-term memory. Compare a seven-letter password with a seven-word password: the seven-word password has 2 quadrillion times more combinations. Exploit your brain's ability to memorize sequences of words with ease, and you will be rewarded with a password that is both memorable and secure.
- Repeating the password to yourself helps commit it to long-term memory.
- To further strengthen the memory, it may help to form a mental picture linking the words together (as illustrated in the comic).
Some websites limit password length to around 20 characters. Take note of such limits so that your password is not truncated.
The dictionary contains approximately 3,500 commonly used English words. Each word is chosen at random using a pseudorandom number generator. As an additional security measure, version 2.0+ of this application generates passwords using JavaScript on the client side; in other words, the passwords are never sent across the web.
To demonstrate how these passwords are secure, let's consider how someone might guess your password.
If the guesser knows that you use word sequences as passwords, they can guess your password much faster than with a standard brute-force attack. Still, there are about 150 trillion combinations of four-word passwords (as generated by this website); even a computer would take a long time to work through them.
More likely, the guesser would use a brute-force attack, trying every combination of characters for passwords in the range of 8 to 20 characters. The guesser would make rudimentary assumptions about your character set (whether you use uppercase, numbers, or symbols). For example, if the guesser assumes your password uses uppercase and lowercase letters only, then a 25-character password has 52^25 (7.9 × 10^42) possible combinations. Exhausting that space would take on the order of several octillion years with a desktop PC.
If you are using unique passwords for every account you've created—which you definitely should be—you will probably find it difficult, if not impossible, to remember all of those passwords. It's just the nature of your brain.
I personally recommend using a password manager such as 1Password, KeePass, LastPass, etc., to free yourself from the burden of remembering all of your various account passwords.
Once you start using a password manager, you can use longer, more complex passwords without worrying about having to remember them. Then you only need to remember a handful of passwords in your everyday life, such as your computer login, your email password, or any other password you cannot or do not want to entrust to your password manager.
Created by Joel Walters © 2013.