Strong password generation

bcgarrett
Community Member

I'm confused about creating strong passwords. 1Password's strength tester rates the following password as extremely strong: 1945.BerlinMoscowCairoPragueTunisOntario.
I realize that the length of this password is probably why it is rated as strong.
But it's very easily remembered if those are the last 6 cities I visited. However, intuition leads me to think that a simple password like that must be weak because it is so easy to remember. Could you please comment?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Megan
    1Password Alumni

    Hi @bcgarrett ,

    That's a great question! I would need to get our security guru in here to explain exactly why this password is rated as strong, as there are a lot of factors that are taken into consideration. Some of the good things about your password here are the length, the mix between letters and numbers, and the different cases of the letters (using both capitals and lowercase). How all of those factors are considered when rating password strength though is a complicated matter.

    > However, intuition leads me to think that a simple password like that must be weak because it is so easy to remember.

    It's not so much the memorability that's the trouble here, it's the guess-ability. Using passwords based on personal information is always less secure than using randomly generated passwords. Because so much of our lives is on social media these days, it's not unreasonable to think that an attacker might have access to that information, and include that in their nefarious password-cracking algorithm. (As a side note, I hope you enjoyed the exotic province of Ontario!)

    So, that being said, I have two pieces of advice for you with respect to passwords:

    • If it's a password that you have to remember and type frequently (like your Master Password or perhaps your AppleID), use Diceware to create a password made up of random words. It's described in our security guru's blog post Towards Better Master Passwords. Using random words will get rid of that guess-ability thing, and because it's still using real words, it will be easier to remember and type!
    • For all other passwords, just let 1Password generate random strings of gibberish for you. You'll never need to type them, because of that lovely little browser extension, so there's no need to make them remotely memorable or type-friendly.

    I hope this helps, but if you have more questions, we're here for you.

    :) from Toronto!
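To put numbers on the memorability-versus-guessability point in the reply above, the following added example (not part of the original thread, and not 1Password's strength meter) compares a character-composition estimate for the password in the question with the entropy of the process that produced it, and draws a Diceware-style passphrase with a CSPRNG. The two guessing models (100 candidate years, 1,000 candidate places) and the 16-word demo list are assumptions made up for illustration.

```python
import math
import secrets
import string

def naive_bits(password):
    """Composition-based estimate: length * log2(size of the character classes used)."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0

def process_bits(choices_per_slot):
    """Entropy of the generation process: sum of log2(options) per independent uniform choice."""
    return sum(math.log2(n) for n in choices_per_slot)

def diceware(wordlist, n_words, sep=" "):
    """Draw n_words uniformly with a CSPRNG; return (passphrase, entropy in bits)."""
    words = sorted(set(wordlist))  # duplicates would skew the uniform draw
    picked = [secrets.choice(words) for _ in range(n_words)]
    return sep.join(picked), process_bits([len(words)] * n_words)

# Password from the question above.
PASSWORD = "1945.BerlinMoscowCairoPragueTunisOntario"

# Assumed models (illustrative numbers, not from the thread):
#   GENERIC_MODEL: one of 100 years, then six names from a list of 1,000 places
#   KNOWN_MODEL:   the six places are already known; only the year and their order remain
GENERIC_MODEL = [100] + [1000] * 6
KNOWN_MODEL = [100, 6, 5, 4, 3, 2, 1]

# Constructed 16-word demo list; a real Diceware list has 6**5 = 7776 words.
DEMO_WORDS = ["amber", "brick", "cedar", "delta", "ember", "flint", "grove", "harbor",
              "ivory", "jolly", "kettle", "lunar", "maple", "nickel", "onion", "pewter"]

if __name__ == "__main__":
    print(f"composition estimate      : {naive_bits(PASSWORD):6.1f} bits")
    print(f"year + 6 places (generic) : {process_bits(GENERIC_MODEL):6.1f} bits")
    print(f"year + 6 places (known)   : {process_bits(KNOWN_MODEL):6.1f} bits")
    print(f"6 Diceware words (7776)   : {process_bits([7776] * 6):6.1f} bits")
    phrase, bits = diceware(DEMO_WORDS, 6)
    print(f"demo passphrase ({bits:.0f} bits with this tiny list): {phrase}")
```

The composition estimate rewards length and character mix alone, while the process-based figures depend on how many options the chooser really had, which is why personal information shrinks the number and random word selection does not.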

This discussion has been closed.