Password Creation Advice
This article provides tips for crafting a good, secure password. For context, see the detailed explanation of the recent update to our password system. The key pieces of information from that post, plus detailed steps for changing your password, are provided in the reference article linked below.
Under the new system, implemented as of summer 2019, we require site passwords to meet a few minimal requirements. We also make some recommendations.
Our site password REQUIREMENTS:
a. Your password must be at least 8 characters long.
b. Your password must not show up on our list of "the most commonly used passwords"; if it does, it will be rejected.
Our site password RECOMMENDATIONS:
a. Don't REUSE passwords from site to site.
b. Make your password longer than 8 characters; aim for at least 12 characters. (No special characters are necessary.)
c. Choose a password that is easy for you to remember.
d. Consider storing your password in a password manager.
Now let's discuss some strategy behind creating a strong password.
Password writing can be intimidating. People tend to think that a random string of letters and numbers is a super-secure password that nobody could guess. For example, people assume that the password "Ab13gU7" is super secure. No one's going to guess that password, but if someone's running a password-cracking utility, they'll crack it in about three hours. In contrast, if your password were "Whirled Peas", it would take someone with a basic desktop PC about two million years to crack. If a website lets you use it, the space key is your best friend in the world. If_not,_use_underscores_instead.
That's why we need to stop thinking of passwords and start thinking of passphrases. Song lyrics or poetry snippets shot through with symbols and numbers are a great place to start. In contrast to "Whirled Peas", the password "@11Uneedislove" would take about 32 billion years to crack. That's without spaces. When you type it as "@11 u need is love", it would take a modern desktop about 560 sextillion years to crack.
In short: Don't use dictionary words, and don't use a long string of letters and numbers that you can't remember. Use a phrase. Spaces are your friend, but so are symbols and numbers.
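A checker for the two requirements and the length recommendation listed above, with a brute-force search-space estimate that shows why length outweighs character variety. This is an added example, not the site's actual code; the function names, the NFKC and case-fold normalization, and the five-entry common-password list are assumptions constructed for illustration.

```python
import math
import string
import unicodedata

MIN_LENGTH = 8           # requirement (a)
RECOMMENDED_LENGTH = 12  # recommendation (b)
# Constructed stand-in for the site's common-password list (the real list is not on this page).
COMMON_PASSWORDS = frozenset({"password", "12345678", "qwertyuiop", "iloveyou", "letmein123"})


def check_password(pw, common=COMMON_PASSWORDS):
    """Return (accepted, errors, advice) for requirements (a), (b) and recommendation (b)."""
    # Assumption: normalize to NFKC so composed and decomposed forms count the same,
    # and case-fold before the list lookup so "PASSWORD" matches "password".
    text = unicodedata.normalize("NFKC", pw)
    errors, advice = [], []
    if len(text) < MIN_LENGTH:
        errors.append("shorter than 8 characters")
    if text.casefold() in common:
        errors.append("on the common-password list")
    if not errors and len(text) < RECOMMENDED_LENGTH:
        advice.append("aim for at least 12 characters")
    # No character-class rule: the page asks for length, not special characters.
    return (not errors, errors, advice)


def brute_force_bits(pw):
    """log2 of the brute-force search space for pw's length and ASCII character classes.

    This is an upper bound on attacker work: a word-list attack on a phrase made
    of common words needs far fewer guesses than character-by-character search.
    """
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),  # 32 punctuation marks plus the space
    ]
    pool = sum(size for chars, size in classes if any(c in chars for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the article, plus one list hit.
    for sample in ["Ab13gU7", "PASSWORD", "Whirled Peas", "@11Uneedislove", "@11 u need is love"]:
        ok, errors, advice = check_password(sample)
        print(f"{sample!r:22} accepted={ok} bits={brute_force_bits(sample):6.1f} {errors or advice}")
```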
These classic Daily Kos posts offer more suggestions for ways to replace letters with symbols and numbers to help you write an easy-to-remember passphrase: "How to Write Passwords" and "How to AVOID writing passwords".