Choosing a proper password can sometimes be harder than we think, especially when it cannot be recovered if forgotten.
There are multiple ways to judge whether a password is proper. It has to be easy for you to remember, yet difficult for a hacker to guess. It has to make sense to you, but be hard for an automated system or computer to determine.
Choosing a strong password can be the topic of an entire book, and various sources will have different, sometimes even completely polarized, opinions on what a strong password needs to be.
Credit: XKCD Comic
Various studies conducted by organizations such as NIST have concluded that, unsurprisingly, the best passwords are the ones made up of a combination of random uppercase and lowercase characters, numbers and special characters, of a length of at least 10. The same studies, however, have shown that it is very difficult for humans to remember such passwords and, even worse, that this compromised security further because more people decided to write their passwords down on paper or sticky notes.
Human brains are wired around patterns. Patterns, however, are what make password cracking more efficient. So how do we strike a balance, then? Further studies have concluded that if a password is of reasonable (and usually higher) length, then pattern-based cracking becomes much less efficient.
This is why we recommend the approach of using a lengthy password (Velamnis enforces a length of at least 12) which is mnemonic (easy for the human brain to remember or reconstruct). Making it personal helps even further.
Consider the following example password: CoconutSWeekenD@BalI!
It is 21 characters long, a lot more than the minimum of 12.
It contains uppercase (the first and last letter of each word) and lowercase letters, as well as 2 special characters.
It is relatively easy to remember, especially if, like me, you've been to Bali and you've enjoyed picking up some coconuts on the first weekend.
It is hard for anyone else to guess it because this has been a rather private experience.
You can build very strong passwords by basing them on your likes, dislikes, life experiences and so on, although you must be careful not to expose yourself to social networking attacks. The following is a bad example: 20!8W3dding@Bali
Why is it bad?
First, avoid using l33t replacements. That is, ! instead of 1, swapping 0 and o, 3 instead of e, and so on. These are very popular and most password crackers know that, which is why they include them in their combinations, so it's not really making your password much stronger than the non-l33t one.
Second, the wedding is likely to have been a public event, which can be known by virtually anyone if, for example, we have posted pictures of it on social media. Therefore, someone determined enough could try feeding such events and details into a password cracker in the hope of getting a match. Remember, the password is best based on some piece of information known to you but not others, or at least, not publicly available or deducible. Other bad examples are pet names, names of relatives, places you've worked before, the car you own, and so on.
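The two problems described above (l33t replacements that hide nothing, and details that are publicly known), together with the minimum length of 12, can be checked mechanically. The following is an added example, not Velamnis code: the function names, the substitutions beyond the three named above, and the sample list of public details are assumptions constructed for illustration.

```python
MIN_LENGTH = 12  # minimum length the article says Velamnis enforces

# View 1: undo replacements that stand in for letters.
# "3"->e and "0"->o come from the article; "!", "1" and "@" are
# assumed here as other common stand-ins.
TO_LETTERS = str.maketrans({"3": "e", "0": "o", "!": "i", "1": "i", "@": "a"})
# View 2: undo replacements that stand in for digits
# ("!" instead of 1, "o" instead of 0, as in the article).
TO_DIGITS = str.maketrans({"!": "1", "o": "0"})


def normalized_views(password):
    """Return the lowercase password plus its two de-l33ted forms."""
    low = password.lower()
    return low, low.translate(TO_LETTERS), low.translate(TO_DIGITS)


def review(password, public_terms):
    """List the reasons a password is weak under the article's advice.

    public_terms: details about the user that others could learn
    (events, names, years), supplied by the caller.
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    low, as_letters, as_digits = normalized_views(password)
    for term in public_terms:
        t = term.lower()
        if t in low:
            findings.append(f"contains public detail '{term}'")
        elif t in as_letters or t in as_digits:
            # The replacement did not hide the detail from a simple
            # normalization, so it adds almost nothing.
            findings.append(
                f"contains public detail '{term}' hidden by l33t substitution"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample: details assumed to be visible on social media.
    public = ["wedding", "Bali", "2018"]
    for reason in review("20!8W3dding@Bali", public):
        print(reason)
```

The same function returns an empty list for a long password whose details are not in the caller's list of public terms, which is the property the good example relies on.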
We hope this will make choosing your password less of an ordeal. We also take the opportunity to remind you that Velamnis puts you 100% in control of your account's security and that we cannot help you recover your password in the event you forget it. If you are prone to forgetting passwords, our recommendation is to write it down and store it in a secure place, such as inside a book on your bookshelf, or behind a photo in your family album. Never write it down in easily accessible places, such as sticky notes, papers on your desk or notebooks.