Stop making passwords that are hard to remember and easy for robots to guess. Use sentences you can remember. Use spaces and punctuation. Try a password like
There's no WAY anyone's gonna guess this and then see how long it would take a robot to guess it using this password strength meter.
What is a strong password?
That depends on the website you’re logging into. It would be great if we all agreed on what constitutes a strong password. But in 50 websites asking you to log in you’ll find 50 different password requirements you have to meet. We end up making passwords that are hard to remember. Worse, we’re creating passwords that are easy for robots to guess!
What makes a password easy to guess
When we think about someone trying to log into our bank account or WordPress website, we imagine a person dressed in black with a Zorro mask on. At least I do. My guy has stripes on for some reason. Is that supposed to mean he was in jail already and just broke out? Only to hack my website? I don’t know. But the truth is, nobody is trying to hack you. Robots are!
A password-guessing robot is really just a bit of code. It runs through millions of passwords it has written down in a list. Then, it tries to log in at a rate of 10,000 tries per second. That’s a lot faster than my striped gentleman could do it.
Here’s a tough-looking password: Pa55w0rd! How long would it take a robot to guess it? A little more than one second, after it tries 11,100 previous guesses.
Let’s make passwords easy to remember and hard for robots to guess!
Dan Wheeler from Dropbox, Inc. created an excellent strength meter that looks at a password from a robot's point of view and tells you how long it would take a robot to guess it. The idea is to create a simple phrase, or a set of words you choose. Throw in a few spaces and a bit of punctuation and you’ve created a password so strong, it would literally take centuries for a robot to guess it, at 10,000 tries per second!
How do we know this? Try his Password Strength Meter and see for yourself!
Note: Password requirements differ. A lot, and often. Unfortunately they force us to create passwords we can't remember, and the ideas here won't always work. But one place they do work is WordPress. Make sure anyone who can login to your WordPress site has a strong password. Heck, you can make this article part of your employee handbook. We'd love that.