Chris' Guide to good passwords

Granted, this page has nothing whatsoever to do with beekeeping.  But since this site uses a userid/password for the "Member's Only" section, I figured this was as good a place as any to give some quick tips for creating passwords on websites.

 

FIRST, you need to differentiate between the websites you visit.  They basically fall into 3 categories (in terms of the security required for the password to use the site).

  1. Things that involve HIGHLY sensitive information (e.g. your bank).  I strongly suggest that for these sites, you actually use a password that really is STRONG.   Not only should the password be strong, but it should be a password you use only on that one site.
  2. Things that have "kind of" sensitive information.  The membership list of this website falls into this category - we don't want to open up the names, addresses, & phone numbers to just everyone in the World Wide Web.  So we restrict it to club members only.  For this kind of site, you should use a password that is "pretty good" - but you can use this same "pretty good" password on every other similar site.  Which is nice for you since that means you don't have to remember hundreds of passwords.
    Facebook would also fall into this category (most people don't keep really sensitive information on their FB account).

  3. Then there are websites that require a password where it just doesn't matter if people can hack in or not.  For these sites, you can use any dumb password you like.  Or you could use the same password as #2 above.

 
I'm not going to talk about #1 above. There are already tons of websites that do that.
 
SECOND - How do you create the password for #2 above?  I.e. one that is both "secure" and "you can remember"?  For me (the gospel according to Chris), there is really one trick:
 

It should be at least 12 characters long.

 
Yes, it should have those "other characteristics" too (mixed case, numbers, & special characters). But total length is really, REALLY important.  The reason for this is that password strength is a function of the number of possible characters raised to the power of the length of the password.   By using a longer password, you are changing the exponent.  
 
The good news here is that if you get to 12 (or more) characters by simply using a phrase instead of a word, this means your password will be MUCH easier to remember.  And if you then throw in some upper case letters and numbers, you will have a nearly perfect password.
 
For example:   MyAnn!versaryI$August15
 
That is a password that NO system in the world could ever crack.  Yet it is very easy for me to remember.    And that comes with the side benefit that I don't make my wife angry once a year!
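
The exponent argument above, worked through as an added example (not part of the original page): it estimates the brute-force search space as N^L, where N is the size of the character classes a password draws from and L is its length. The printable-ASCII class sizes and the two comparison passwords are constructed for illustration, and the figure is an upper bound that assumes every character was picked at random.

```python
import math
import string

# Character classes counted toward the alphabet size N.
# Printable ASCII only; this split is an assumption of the example.
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26 characters
    "upper": set(string.ascii_uppercase),   # 26 characters
    "digit": set(string.digits),            # 10 characters
    "symbol": set(string.punctuation),      # 32 characters
}


def alphabet_size(password):
    """N: total size of every character class the password uses."""
    chars = set(password)
    return sum(len(members) for members in CLASSES.values() if chars & members)


def keyspace_bits(password):
    """log2(N ** L), the size of the brute-force search space in bits.

    Upper bound only: a phrase built from dictionary words is less
    random than L independently chosen characters.
    """
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


def compare(passwords):
    """Return (password, L, N, bits) rows, weakest first."""
    rows = [(p, len(p), alphabet_size(p), keyspace_bits(p)) for p in passwords]
    return sorted(rows, key=lambda row: row[3])


if __name__ == "__main__":
    samples = [
        "k7#Qz9!b",                 # constructed: 8 chars, all four classes
        "honeybeehive",             # constructed: 12 chars, lowercase only
        "MyAnn!versaryI$August15",  # the example password from this page
    ]
    for pw, length, n, bits in compare(samples):
        print(f"{pw:<26} L={length:<3} N={n:<3} ~{bits:6.1f} bits")
```

Twelve lowercase letters already give a larger search space than eight characters drawn from all four classes, which is the "changing the exponent" effect.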