How to make a strong password that’s not nonsense.




This is what you see if you have recently had a password generated for you. These are passwords that are considered strong: lengthy, not a word, and including a mix of capital letters, numbers and symbols. There is just one problem: IT MAKES NO SENSE.

A password needs to be complex enough to be secure, but at the same time, if the password looks like a strange math formula, then it is not serving the user well.

There can be balance; it’s very possible to have a secure password that we don’t have to write down on a post-it note to remember. First, however, we need to understand what a weak password is.

What is a weak password?

The first thing to look at is what makes a password weak. Here are 3 criteria for a weak password:

1. It’s Short

This comes down to combinations and permutations.

Each character in a password represents 95 combinations, as seen below:


If your password is only 1 character, then there are only 95 possibilities (95^1), meaning a hacker can guess your password with 95 tries. By simply adding a 2nd character, you can increase the complexity of your password exponentially to 9025 possibilities (95^2). And if you make your password 8 characters long (which is recommended by most password generators), that means 6,634,204,312,890,625 possibilities (95^8).

Let’s assume a hacker is using a strong hacking program to guess your password at a rate of 103,000 guesses/second. How long would it take to go through all combinations?

| Password length | Password possibilities | Time to crack (rounded) |
|---|---|---|
| 1 | 95 | < 1 second |
| 2 | 9,025 | < 1 second |
| 3 | 857,375 | 8.3 seconds |
| 4 | 81,450,625 | 13.18 minutes |
| 5 | 7,737,809,375 | 20.9 hours |
| 6 | 735,091,890,625 | 82.6 days |
| 7 | 69,833,729,609,375 | 21.5 years |
| 8 | 6,634,204,312,890,625 | 442,882.6 years |

Lesson: don’t make your password too short.

2. It’s easily guessed.

Even if your password is long, it is useless if it is easily guessed. Here are 10 of the most common passwords in 2013 (source):

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123

Anyone using the above passwords is probably using a device’s default password or is probably not aware of how to make a secure password. Either way, if I were hacking someone’s password, even before running a program to guess every combination, I would go through a list of common passwords, like the one above, to save time.

Lesson: Ensure your password is not so generic that it’s easily guessed.

3. It can be found in a dictionary.

Much like the situation above, hackers aim to be efficient, to save time. Instead of trying to guess every single password combination, which can result in nonsense guesses, they can go through a dictionary.

Why a dictionary?

It’s because people don’t like passwords like “yu6RutR-”: it’s secure, but it doesn’t make sense to them. Passwords need meaning in order to be remembered, which is why it is very common for people to use real words and names in their passwords. This is also why lengthy passwords like “aardvark” or “apocalypse” are bad passwords: they will be in a dictionary, and thus in a hacker’s dictionary as well (note: Oxford 2nd edition has only 171,476 words).

Lesson: Don’t make your password a dictionary word.
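The three criteria above, combined into one check (an added example, not code from the original post). It assumes the 95 characters are the printable ASCII set, uses a small constructed word list in place of a real dictionary, and its function names are hypothetical.

```python
import string

# Assumption: the page's "95" is printable ASCII (letters, digits, punctuation, space).
CHARSET_SIZE = len(string.ascii_letters + string.digits + string.punctuation + " ")
GUESSES_PER_SECOND = 103_000   # guessing rate used in the page's table
MIN_LENGTH = 8                 # minimum length the page recommends

# The ten common passwords listed on the page, in the order given.
COMMON = ["123456", "password", "12345678", "qwerty", "abc123",
          "123456789", "111111", "1234567", "iloveyou", "adobe123"]

# Constructed stand-in for a real word list; an actual audit would load a full dictionary.
DICTIONARY = ["aardvark", "apocalypse", "giants", "money"]


def guesses_needed(password):
    """Return (stage, guess_count) for the cheapest stage that finds the password."""
    candidate = password.lower()  # simplification: lists are matched case-insensitively
    if candidate in COMMON:
        return "common", COMMON.index(candidate) + 1
    if candidate in DICTIONARY:
        # The dictionary is only tried after the common list has been used up.
        return "dictionary", len(COMMON) + DICTIONARY.index(candidate) + 1
    # Worst case for trying every combination of this length, as in the page's table.
    return "exhaustive", CHARSET_SIZE ** len(password)


def seconds_to_crack(password):
    """Worst-case seconds at the page's guessing rate."""
    return guesses_needed(password)[1] / GUESSES_PER_SECOND


def weaknesses(password):
    """Flag which of the page's three weak-password criteria apply."""
    stage, _ = guesses_needed(password)
    flags = []
    if len(password) < MIN_LENGTH:
        flags.append("short")
    if stage != "exhaustive":
        flags.append(stage)
    return flags


if __name__ == "__main__":
    for pw in ["123456", "iloveyou", "aardvark", "yu6", "yu6RutR-"]:
        stage, count = guesses_needed(pw)
        print(f"{pw!r:12} {stage:10} {count:>22,} guesses  "
              f"{seconds_to_crack(pw):,.2f} s  flags={weaknesses(pw)}")
```

A long password that sits on either list is found within a handful of guesses, regardless of how many combinations its length would otherwise imply.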


How to make a strong password.

Now that we know why passwords are considered weak, we can look at strategies to make a strong password without making it so incoherently complex that you can’t remember it.

First, make sure your password is long enough: 8 characters minimum.

Second, consider using words that are personal to you, which people would have a hard time guessing.

The idea is we don’t want anything easily guessed, used, or generic.

For example, if I was born on January 1, 2000, I can make my password “01012000” or “jan12000”. Or if I am a New York Giants fan, I can use the password “nygiants2007”.

Although my mother may be able to guess these passwords, a hacker who does not know me at all will not, because they are personal.

Third, don’t use single words, but rather, use strings of words, slang, mnemonics/acronyms, and foreign words coupled with numbers or symbols.

We already talked about how passwords found in dictionaries are easily guessed. People choose them anyway because words give a password meaning, which makes it easy to remember.

Here are some examples of passwords that aren’t words, but still have meaning: “showmedamoney$”, “kamsamnida313”, “hmimnwftroyd”

“Show”, “me”, “the”, “money” are all words that can be found in the dictionary, but combined, they become nonsense, especially when a misspelling is used (“da” instead of “the”). This password is memorable because it is from a popular movie, Jerry Maguire.

“Kamsamnida”, meanwhile, is the romanization of “thank you” in the Korean language, and thus something that is not going to show up in a dictionary. Even a Korean dictionary may not show it, as it is one of many variations of spelling it. The 313, meanwhile, is the area code of Detroit. To remember this, all we have to do is think “thank you, Detroit.”

Finally, “imnwftroyd” looks like nonsense, doesn’t it? It does not look much better than “Sta&afr4th”. However, this password is actually an acronym for song lyrics: “it means no worries, for the rest of your days.” These lyrics, of course, are from the unforgettable “Hakuna Matata” from the movie The Lion King.

The Risks of Cloud Computing

This is an opinion piece.

Cloud computing is something that has changed the way normal people and businesses interact with data in the past 7 years or so.

Our Interactions with Data Changed

Regarding storage, prior to the age of cloud computing, we would have to carry and access our data in a more primitive way: USB flash drives, emailing ourselves attachments (albeit with size limits), burning onto CDs/DVDs. Now we can save things in cloud storage and access them from home or while on vacation.

Regarding applications, prior to cloud computing, our applications would have to be bought in stores and installed with a CD. Life would be cumbersome if we wanted to use the program on another computer. We would have licensing issues, copyright issues, and platform issues (remember programs that were only available in Windows??). Now, all our favorite programs like Microsoft Word, Intuit QuickBooks, and Adobe Photoshop can be accessed in an internet browser, whether it’s on our desktop, laptop, tablet, or phone.



However, as our data trends towards the cloud, it becomes more vulnerable.

Security vs Convenience

Cloud computing has changed our lives for the better by making data access more convenient. Data security is always a concern, however, and cloud storage simply means that our security concerns are exponentially increased.

Security is something that many people ignore or consider an afterthought.

In some offices I’ve seen, many people write passwords on a post-it note and then put it on their desk or in their drawer. Obviously, it defeats the purpose of a password to have it written in plain-view or nearly plain-view, but for the user, security is not as important as their convenience.

For a digital example, I notice that most people do not have passwords on their personal phones. Yes, inputting a password every time you want to use it is annoying, but consider this: if you get possession of a person’s phone that is not password-protected, you will most likely be able to do all of the following:

Read their email, see their photos, access their cloud data, update their Facebook status, buy something on Amazon.

Vulnerability Evolves As Well

Cloud technology has meant that data that was once private and closely held can now be hacked by talented individuals from remote locations. Two great examples of this were the leaking of personal photos from Jennifer Lawrence’s iCloud account (source) and the mass data-hack at Sony (source) by North Korean-sympathizing hackers.

20 years ago, a CPA would keep his client work files in cabinets. His main security concern was to keep only his office secure from intruders.

To prevent the possibility of a complete loss of files, the CPA would make copies of all his work papers periodically or daily. He would have to store them off-site (storage facility, archive, or at home) to prevent a single point of loss. Now, however, the CPA has increased his vulnerability — the CPA now depends on a 3rd party to keep his files secure. Data redundancy creates vulnerability.

Flash forward 20 years, the CPA has hopefully adopted new technology and is now backing up work papers digitally to save time. The CPA still relies on a 3rd party, but this time, instead of the data being in an off-site storage center, it’s digitally stored on a server somewhere, accessible remotely. Now, being secure means being secure from intruders potentially all across the world, who have internet access. The CPA now depends on the vendor to provide this security, with no knowledge of their security protocols or the physical security of the physical servers.

There is no going back

The foregone conclusion is this: cloud computing is here to stay; the pros of it outweigh the cons. The main concern is simply that people using the technology do not understand basic risks and security principles.