Humans are incredibly bad at making good passwords to protect their computers.
“Bad passwords are one of the easiest ways to compromise a system. For somebody who has a very common eight-character password, it can literally take less than a second for a computer to go through the possibilities to pull that password out,” said the American whistleblower Edward Snowden in an interview with British comedian John Oliver.
What is a good password?
What many people do not realize is that the goal of a good password is not to protect you from humans, but rather from machines. If your computer is hacked, it will not be the human hacker who does it, but rather the machine that the hacker uses.
One of the most common methods to hack a computer is called “brute force” – the hacker uses a computer program to generate all the possible password combinations there are and hopes that it guesses the correct combination eventually.
Logically speaking, no password is uncompromisable given enough time. The trick here is to make the hacker guess for so long that he/she gives up because it is no longer economically profitable to spend resources on hacking your computer. After all, his/her computer also runs on electricity, which costs money.
A good password should be:
A long password forces the hacker’s machine to go through far more combinations than a short one before it finds the right answer. However, a long password that is not random enough can be figured out just as easily.
For example, a long but non-random password like this won’t do the trick.
Furthermore, a long password that involves words that can be found in the dictionary is just as vulnerable. If the program knows to check Oxford Dictionaries when it detects a possible word, then the password becomes a lot weaker.
How do I write a long and random password?
Step 1: Choose a phrase
Pick a phrase that is long but also memorable.
Step 2: Pick a cypher
A cypher is an algorithm that scrambles your password so that it looks random and is difficult for a computer to guess.
You may not even be able to memorize the scrambled password character by character, but that doesn’t matter because you can reconstruct it from the phrase you chose. The idea can be best summarized like this:
Password = Phrase + Cypher.
For instance, my cypher involves switching certain letters with numbers or symbols that look similar to each other:
e ==> 3;
i ==> !;
l ==> 1;
o ==> 0;
s ==> 5;
t ==> +.
Step 3: Combine your phrase and your cypher
The cypher scrambles the phrase so that the computer is not able to figure it out easily.
There you go, a 64-character password that is easy to remember and difficult for a computer to “brute force”.
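The three steps above as a runnable sketch, added here as an illustration and not taken from the original article: it applies the article's substitution table to a phrase and estimates how long an exhaustive brute-force search of the result would take. The sample phrase, the guess rate and the function names are assumptions made for the example.

```python
import string

# Substitution table from the article (lowercase letter -> look-alike symbol).
CYPHER = {"e": "3", "i": "!", "l": "1", "o": "0", "s": "5", "t": "+"}

# Assumed attacker speed, chosen for illustration; not a figure from the article.
GUESSES_PER_SECOND = 10**10

# Character pools used to estimate how large an alphabet a brute-force run must cover.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " ")


def apply_cypher(phrase: str) -> str:
    """Password = Phrase + Cypher: replace each mapped letter with its symbol."""
    return phrase.translate(str.maketrans(CYPHER))


def alphabet_size(password: str) -> int:
    """Sum the sizes of every pool that the password draws at least one character from."""
    return sum(len(pool) for pool in POOLS if any(ch in pool for ch in password))


def search_space(password: str) -> int:
    """Candidates of this exact length over the password's alphabet (exhaustive search)."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time for pure brute force; dictionary-based guessing is not modelled."""
    return search_space(password) / rate


if __name__ == "__main__":
    phrase = "the quick brown fox jumps over the lazy dog"  # constructed sample phrase
    for candidate in ("password", phrase, apply_cypher(phrase)):
        print(f"{candidate!r}: length {len(candidate)}, alphabet {alphabet_size(candidate)}, "
              f"{seconds_to_exhaust(candidate):.3g} s to exhaust")
```

The estimate counts exhaustive search only, so it is an upper bound on the effort needed; the dictionary weakness the article describes is not reflected in these numbers.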
Writer: Gene Lin Jing
Editor: Lexie Ma Xiaochi