Generating Strong Passwords

Your passwords are probably all terrible, most passwords are. The 5 most common passwords are:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111

These passwords are all weak because they are highly predictable. An automated tool used to guess passwords would probably start with these, along with every word in the dictionary, which computers can do very quickly.

A password like "iApGmncxS4Cnr2G26" would be extremely secure as it has a high level of entropy, although it would be impossibly difficult to remember a password like that. It's also tedious to write a password like that into a computer.

This difficulty tends to lead users to reusing passwords over multiple sites or simply writing their passwords on a sticky note by their screen, which is not ideal. For this reason we need a method of generating passwords which is both secure and easy to remember.

The YouTube channel Computerphile has a great video on this, although we would suggest a slightly different method. Our method involves generating strong passwords using physical books as a source of inspiration for the words.

Taking a book at random from my shelf, I would flick through it looking at the words at the beginning of each line on the page until I find a page with a good mix of uncommon words in the right place. Here's an image of the top of page 120 of the book Shooting an Elephant by George Orwell as an example:

ShootingAnElephant(1)

"instance.done.recur.to.consists" is the passphrase I would generate from this page, which is an excellent passphrase. I would record the passphrase by writing a note "elephant, 120, 5" somewhere, and it's extremely unlikely that an attacker would guess what that means.

However, if an attacker does know that you're using this method and they find a list of passphrase reminders in your house, it's plausible that they could use those to recover the passphrase. Perhaps they saw you accessing this webpage and used that to deduce that you're generating your passwords this way.

For this reason we suggest adding something to the password that you don't write down but just keep in your head. For instance, you might add a # symbol in the middle of one of the words, or you could write one of the words backwards, it's up to you but whatever you choose should be unique to you.

Leave a Reply

Your email address will not be published. Required fields are marked *