A passwordless future, we hear, awaits us all. Multi Factor Authentication, Biometrics and so on. But until that great day comes, we’re stuck with creating passwords with ever more elaborate combinations of keyboard letters, numbers and symbols.
So we’re told.
Of course passwords must be strong. Password theft has surged 45% in just the last six months, reports Phil Muncaster of InfoSecurity Magazine.
Dozens of online password generators are available to help users create secure, high entropy passwords. But who among us can remember the results?
So why not create high-entropy passwords that are easily memorized?
Such a password can consist of just two randomly generated words – one of six letters and one of seven – connected by one keyboard symbol and two numbers.
This gives you a high-entropy password. 16 characters suffices. Which means you don’t have to write it down. You can keep it in your head.
But how to be certain that this memorable password has sufficient entropy to be secure? Do the math. There are 2,400 words with five letters and 20,000 with six letters plus all the words with six or more letters. Add up these words, square the total – you are using two randomly generated words – then factor in your symbol and two randomly generated numbers.
You have created roughly 5×1014 possibilities. That’s enough entropy for a secure password.