There are lots of different things people can do to improve passwords. Most people know that there are better and worse choices (‘password’), and most people know that adding in a number helps (‘password1’). And, if you turn the password into some mishmash of symbols like you wish you were a hacker back in ’94 (‘p@$$w0rd’) it must be impossible to decrypt.
While a longer password (‘ultrasecurepassword’) is certainly more secure, for something like my own user account password that I have to type numerous times a day, typing a password that long without typos definitely gets slower and more obnoxious. On the other hand, completely random passwords (‘dJ2a#0xr’) require memorizing (or worse, a Post-it) and are terrible for sharing with a group of users.
Another simple way to improve a password is to use the layout of the keyboard itself. For example, instead of ‘password’, type the letter or symbol directly to the right of each letter: ‘[sddeptf’. Or, if you prefer, do above-left (‘0qww294e’) or above-right (‘-wee305r’).
Don’t think this is a magic bullet; some dictionary-based password cracking tools will try these kinds of ‘shifts’ as well to break your passwords. But password cracking tools are even more likely to try simple letter/character substitutions, and substitutions like that still require memorization and may lead to Post-its. So, from worst to best:
- password
- password1
- p@ssw0rd
- [sddeptf
- dJ2a#0xr
- ultrasecurepassword
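
Since cracking tools try both substitutions and keyboard shifts, a password-change check can undo the same transformations before consulting its blocklist. The sketch below is an added example, not code from the original post; it assumes a US QWERTY layout, and the blocklist, substitution table and function names are constructed for illustration.

```python
# Unshifted keys of a US QWERTY keyboard, row by row (layout is an assumption).
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]

def build_shift(row_delta, col_delta):
    """Map each key to the key row_delta rows down and col_delta columns right."""
    table = {}
    for r, row in enumerate(ROWS):
        for c, key in enumerate(row):
            nr, nc = r + row_delta, c + col_delta
            if 0 <= nr < len(ROWS) and 0 <= nc < len(ROWS[nr]):
                table[key] = ROWS[nr][nc]
    return table

# Inverse of each shift in the post: these move a typed key back to the
# letter it stands for ('[' -> 'p', '0' -> 'p', '-' -> 'p').
UNSHIFT = {
    "right shift": build_shift(0, -1),
    "above-left shift": build_shift(1, 0),
    "above-right shift": build_shift(1, -1),
}

# Constructed sample data: a real check would load a large breached-password list.
BLOCKLIST = {"password", "letmein", "welcome"}
LEET = str.maketrans("@$0134!", "asoleai")

def weak_reason(candidate, blocklist=BLOCKLIST):
    """Return why the candidate reduces to a blocklisted word, or None."""
    word = candidate.lower()
    if word in blocklist:
        return "dictionary word"
    if word.rstrip("0123456789") in blocklist:
        return "dictionary word plus digits"
    if word.translate(LEET) in blocklist:
        return "character substitution"
    for name, table in UNSHIFT.items():
        # A shift only applies if every character has a key to move back to.
        if all(ch in table for ch in word):
            if "".join(table[ch] for ch in word) in blocklist:
                return name
    return None

if __name__ == "__main__":
    for pw in ["password", "password1", "p@$$w0rd", "[sddeptf",
               "0qww294e", "-wee305r", "dJ2a#0xr", "ultrasecurepassword"]:
        print(f"{pw!r:24} {weak_reason(pw) or 'no match'}")
```

A password that returns `None` here is only absent from this small blocklist under these four transformations; it says nothing about length or randomness.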