What makes a great password?

Locked out of our accounts after three sweaty-palmed attempts, our survival for the working day hinges upon verifying our own existence to a machine.

Our quest to beat the bots has driven us to create passwords so convoluted they are almost impossible to remember, but new research suggests they may actually be the easiest for bots to crack.

Source: WP Engine

Analysis by WP Engine reveals seemingly random passwords can actually be cracked in seconds, due to the often predictable path our fingers follow on our keyboards when we set them.

Turns out, when we write our passwords with bots in mind, we actually do it in the very language they understand best.

So what are we to do?


Human recall

Here at Lexer, we’re Human.

Designed to recognise patterns, not chaos.

We don’t want you to have to etch a bizarre zodiac code of nonsensical numerals into your arm to log in to your social customer service platform of a morn. But we do want to guarantee security.

So, we went right ahead and developed a handy password strength algorithm that matches your password against the 10,000 most common (read: crackable) passwords on the planet (according to this 2011 study).

Yours will pass the test if it observes the following password truth bombs:

  • Your name, or a common word like “password” or “qwerty” followed by a sequential series of numbers, “12345”, is not going to fly.
  • Likewise, swapping obvious letters for look-alike numbers, like zero (0) instead of the letter O, is not the most secure (see l33t speak).
  • Several words concatenated together is ideal: it’s easy to remember, and could take a computer/hacker years to decode!
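The three rules above can be sketched as a small checker. This is an added example, not Lexer's own algorithm: the `COMMON` set is a constructed stand-in for the 10,000-entry list, and the names `weakness`, `is_sequence` and `LEET` are hypothetical.

```python
# Constructed stand-in for the 10,000 most common passwords the post refers to.
COMMON = {"password", "qwerty", "letmein", "dragon", "monkey", "123456", "iloveyou"}

# Look-alike substitutions ("l33t speak") that are undone before the list lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def is_sequence(digits):
    """True for runs that step by a constant -1, 0 or +1: 12345, 54321, 1111."""
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def weakness(password, names=()):
    """Return the reason a password is rejected, or None if it passes.

    `names` holds account-specific words (the user's own name, for example)
    that are treated exactly like entries in the common list.
    """
    lower = password.lower()
    banned = COMMON | {n.lower() for n in names}

    # Rule 1: the password itself is on the list.
    if lower in banned:
        return "common password"

    # Rule 2: it is on the list once look-alike characters are reversed.
    if lower.translate(LEET) in banned:
        return "l33t variant of a common password"

    # Rule 3: a listed word (plain or l33t) followed by a run of digits.
    stem = lower.rstrip("0123456789")
    tail = lower[len(stem):]
    if is_sequence(tail) and (stem in banned or stem.translate(LEET) in banned):
        return "common word plus sequential digits"

    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["password", "P4ssw0rd", "qwerty12345", "purple-kettle-orbit-lantern"]:
        print(f"{pw!r}: {weakness(pw) or 'passes'}")
```

A passphrase of several unrelated words passes because it matches none of the three patterns; the checker does not itself measure length or guessing time.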

We’re all about delivering human data for genuine engagement, and our password policy is just one of the ways we’re working to humanise the process of accessing and acting upon the data companies hold.

You can find out more about this quest here.