Password Phrases | Kent State University

Password Phrases

Having a password phrase makes it easier for you to remember your password without making it easier for somebody to guess or hack.

When coming up with a password, people tend to prefer lower case letters over upper case, letters over numbers, and numbers over special characters. People also tend to put numbers and symbols at the end of the password. Hackers know these tendencies, and that makes it even easier for them to crack passwords. Hackers even know the common tricks, like substituting the letters "o" and "i" for the numbers "0" and "1".

A password cracker program can be used to guess your password by trying millions of combinations of numbers, letters, and special characters per second. It will try words, numbers, special characters, and combinations of those together. Depending on the power of the computer, a five character password that is all lower case letters with no numbers or special characters can be cracked in minutes. A five character password with lower case letters, upper case letters, numbers, and special characters, can be cracked in days.

There are two common approaches to password phrases: stringing random words together into a phrase, and taking the first letter of every word in a phrase.

 

First Letter of Every Word

This is technically the weaker of the two methods (but is listed first because it helps prove a very strong point later on). For this method, you create a phrase that is easy to remember. It can be something personal about you, lyrics from a song, etc. Then, you take the first letter from each word and keep punctuation.

The passphrase:
Kent State University is the number one university in Ohio. Go golden flashes!

Becomes the password:
KSUit#1uiO.Ggf!

 

Stringing Words Together

The second method involves stringing random words together. This method is the stronger of the two because of the sheer length of the password.

Lets say I take four words from the passphrase used above:
Kent number Ohio flashes

The password becomes:
KentnumberOhioflashes

Why is Stringing Words Together the stronger of the two methods?

While the second password (KentnumberOhioflashes) seems simpler than the first (KSUit#1uiO.Ggf!), it is actually much stronger. Here is why:

The first password contains uppercase letters (26), lowercase letters (26), numbers (10), and special characters (33). That means that there are 26+26+10+33 = 95 different possibilities for each characters. If the password is 15 characters long, that is 9515 different possibilities, which is approximately 4.63x1029. While 29 trailing zeros seems like a lot, take a look at the second password.

The second password only contains uppercase and lower case letters for 26+26 = 52 possibilities. However, it is 21 characters long, which makes for 5221, or 1.08x1036, possibilities. That's 36 trailing zeros!

You have to remember the same phrase, but by using the full words, you get a stronger password. The only downfall to this is that typing in long passwords can often be a pain, especially when you're in a hurry or if you accidentally hit the wrong key half-way through. Also, many websites restrict the length of a password (8-12 or 8-15 characters).

For information on passphrase strength, check out this LastPass Blog article.