A common question asked is: "What are your minimum password requirements?". Old-school answers would include criteria such as:
min 8 characters
at least one uppercase
at least one special character
at least one number
Unfortunately, most of the time, this yields weak passwords that look like "Password123!". We'd love to see how many folks use "Pizza123!" at their favorite online pizza ordering service!
As evidenced by leak databases, humans are terrible at creating secure passwords. This is because the criteria above, which have been hammered into us for the past 10 years, have only led to hard-to-remember passwords that are easy for computers to guess.
Therein lies LemonadeLXP's criteria: "How long would it take a computer to guess this passphrase?"
Bad Password Patterns | Examples | Is It Memorable? | Time to Crack |
A common word | december | Yes. | 18 milliseconds |
An easily-typed spatial word | qwerty, aaaaaaaa | Very much so. | 10 milliseconds |
The family dog | rusty | Yep. | 27 milliseconds |
An important number, such as a date | 03261981 | To you, certainly. | 2.213 seconds |
A word with a trivial letter-to-number substitution | s4nfr4n | Not very much. | 639 milliseconds |
If your password resembles any of these examples, it is instantly crackable. Even a mix of these patterns such as [common word] + [number] is straightforward to crack.
There's an easier way: Passphrases!
Compare the tough examples above to a simple passphrase!
Password Pattern | Example | Is it Memorable? | Time to Crack |
Four or more randomly chosen words | mergers decade labeled manager | It can be! Pick words you will remember. Plus, after you type them a few times, they'll stick. | 6,000,126 centuries |
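The following Python example is added here and is not LemonadeLXP's own code: it contrasts the old composition rules with acceptance based on estimated cracking time. The sample dictionary, the dictionary sizes, the guessing rate and the 100-year threshold are all assumptions, so its figures will not match the tables on this page.

```python
import re
import string

# Every constant below is an assumption made for this example.
COMMON = {"password", "pizza", "december", "rusty", "qwerty", "sanfran"}  # constructed sample
DICT_SIZE = 100_000        # size of the attacker's cracking dictionary
WORDLIST_SIZE = 7_776      # size of the list passphrase words are drawn from
GUESSES_PER_SECOND = 1e4   # offline attack against a slow password hash
MIN_YEARS = 100            # acceptance threshold
UNLEET = str.maketrans("430$5@1", "aeossai")
SECONDS_PER_YEAR = 365.25 * 86_400


def passes_old_rules(pw: str) -> bool:
    """Old-school composition rules: length 8+, uppercase, digit, special."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def estimate_guesses(pw: str) -> float:
    """Rough guess count for an attacker who tries cheap patterns first."""
    words = pw.split()
    if len(words) >= 2 and all(w.isalpha() for w in words):
        # Passphrase: assumes each word was chosen at random from the list.
        return float(WORDLIST_SIZE) ** len(words)
    core = re.sub(r"[\d\W_]+$", "", pw)   # strip a trailing digit/symbol run
    suffix = pw[len(core):]
    if core.lower().translate(UNLEET) in COMMON:
        # [common word] + [number/symbol]: 4 = capitalised or not, leet or not.
        digits = sum(c.isdigit() for c in suffix)
        return DICT_SIZE * 4 * 10.0 ** digits * 32.0 ** (len(suffix) - digits)
    if pw.isdigit():
        return 10.0 ** len(pw)            # dates and other all-digit strings
    # Fallback: brute force over the character classes actually present.
    pool = (26 * any(c.islower() for c in pw) + 26 * any(c.isupper() for c in pw)
            + 10 * any(c.isdigit() for c in pw)
            + 32 * any(c in string.punctuation for c in pw))
    return float(max(pool, 10)) ** len(pw)


def years_to_crack(pw: str) -> float:
    return estimate_guesses(pw) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def accept(pw: str) -> bool:
    """Accept on estimated cracking time, not on character classes."""
    return years_to_crack(pw) >= MIN_YEARS
```

With these assumptions, "Password123!" satisfies every old rule yet is rejected, while "mergers decade labeled manager" fails the old rules and is accepted.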
Alternate ways to generate great passwords
If you use a recent version of Chrome or Safari, the passwords that they automatically generate for you are excellent. If you use the browser-generated passwords, LemonadeLXP will accept them because of their cracking difficulty.
Password managers such as 1Password also generate strong passwords. They use a different pattern (a bunch of random characters) that should give adequate security, but the results are nearly impossible to remember. Interestingly, passphrases are still better than these terribly obscure passwords.
Password Type | Example | Time to Crack |
Password-manager style, random garbage | p%9y#k&yFm? | Approximately 90,182,663 centuries |
Passphrase | logic finite eager ratio | Approximately 189,658,722 centuries |