How to build secure passwords?

Although it is still summer vacation and we are relaxed, we would like to talk to you about a serious topic: how to build secure passwords that protect you best. For a long time, the legislator has imposed on us the view that the best password is long and consists of numerous special characters and random combinations of letters and numbers. Most websites still make such password requirements mandatory. But is it really the best solution? And how is anyone supposed to remember passwords like these?

Sometimes merely coming up with them is difficult. While remembering one or two passwords is not a challenge (although forgetting them immediately is also highly probable), there are many more places where access is secured with a password. For those who do not use a password manager, which unfortunately is still not a popular tool, such passwords are very problematic. As a result, the same hard-to-remember combination is often reused, and one password ends up securing more than one account. If this password is cracked, the risk of a successful attack on the other places protected with the same password increases significantly (as one of our clients recently learned the hard way).

Yet another disadvantage of passwords consisting of upper and lower case letters, numbers and characters is that the same patterns are repeated again and again when creating them: selecting one word and substituting e.g. “0” for “o”, “1” for “i”, “3” for “E”, “4” for “A”, adding “!” or a sequence like “12345”, “qwerty”, etc. Cyber criminals know these methods very well, so it is easier for them to optimise attacks.

Which solution is better?

Recently, another way of creating passwords has been promoted: the three random words method. Its effectiveness comes from this randomness, supported additionally by the length of the phrase created from the three words. Creating passwords this way boosts the effectiveness of protection, because there are as many ideas for unique passwords, composed of freely chosen words, as there are people. It goes without saying that a password created this way will be longer than a one-word password, but for the person who comes up with it, it is easier to remember than a sequence of random letters, numbers and special characters. Passwords that are easy to remember also make it more likely that different passwords will be used for multiple accounts, which will definitely have a positive effect on the user’s security.

An additional advantage of being open to a different password policy is that the more methods of creating passwords are in use, the more password-cracking algorithms potential cybercriminals have to try, which is more difficult and time-consuming for them. If only one method of creating passwords is adopted, one algorithm focused solely on cracking such passwords is enough.
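The two ideas above, the predictable substitution patterns and the three random words method, can be checked side by side in a few lines of Python. This is an added example, not code from the original article; the function names, the small dictionary and the word list are constructed for illustration.

```python
import math
import re
import secrets

# Substitutions named in the article: "0" for "o", "1" for "i", "3" for "E", "4" for "A".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a"})
# Sequences the article lists as common additions.
SEQUENCES = ("12345", "qwerty")
# Constructed sample data (assumption): a real check would use a large
# dictionary, and a real generator a list of several thousand words.
COMMON_WORDS = {"password", "dragon", "summer", "welcome"}
WORDLIST = ["harbor", "violin", "candle", "meadow", "pebble", "lantern",
            "orbit", "walnut", "glacier", "ribbon", "thunder", "saddle"]


def normalize(password: str) -> str:
    """Undo the common decorations so the underlying word becomes visible."""
    p = password.lower()
    for seq in SEQUENCES:
        p = p.replace(seq, "")
    p = p.translate(LEET)            # reverse the character substitutions
    return re.sub(r"[^a-z]", "", p)  # drop "!" and any other non-letters


def is_predictable(password: str) -> bool:
    """True if only a dictionary word or a known sequence remains."""
    base = normalize(password)
    only_sequences = base == "" and any(s in password.lower() for s in SEQUENCES)
    return base in COMMON_WORDS or only_sequences


def three_random_words(wordlist=WORDLIST, count=3, sep="-") -> str:
    """Draw each word independently from the operating system's CSPRNG."""
    return sep.join(secrets.choice(wordlist) for _ in range(count))


def entropy_bits(wordlist_size: int, count: int = 3) -> float:
    """Bits of entropy when every word is drawn uniformly at random."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    for candidate in ("P4ssw0rd12345!", "qwerty12345", three_random_words()):
        print(f"{candidate!r}: predictable={is_predictable(candidate)}")
    # The 12-word sample list is far too small for real use; 7776 is an assumed size.
    print(f"12 words: {entropy_bits(len(WORDLIST)):.1f} bits")
    print(f"7776 words: {entropy_bits(7776):.1f} bits")
```

A password that meets every complexity rule, such as the first candidate, still reduces to a dictionary word, while the strength of the passphrase depends only on the size of the list and the number of words drawn.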

