It seems that every single day, someone comes to a forum writing about how his accounts were hacked somehow and he doesn’t understand why. One of the reasons people get accounts compromised so often is that they don’t understand how it happens. Once the process of grabbing someone’s password becomes clear (it’s simple, by the way), we can understand how to modify our passwords to effectively prevent hackers from entering our accounts. One proposition that security experts have made recently is to use short sentences as passwords, rather than a continuous string of characters (like “blablabla”). We’ll have a look at this and why it may or may not be more secure.

Understanding Password Theft

Here at MTE, I have already covered the ways in which hackers can get ahold of your passwords. However, that list is composed mostly of methods used to sniff out and easily get ahold of your credentials. Right now, I want to cover with you the methods that hackers use to crack open your account from the outside rather than infiltrating your packet traffic. These methods are a little simpler but more time consuming. Let’s have a look:

  • Brute-Force Attacks: The method to this madness involves simply going through a ton of permutations of multi-character strings. So, a hacker with a brute-force tool will simply try thousands of permutations, hoping to hit the right one after a while. The tool will randomly guess character combinations (like “jif2$F”). Since passwords are typically more than six letters long, this method will take a while! However, a determined hacker will sit through an entire day’s worth of password guessing just to get into your account.
  • Common Word Attacks: The hacker will use common everyday words (like “strawberry” or “whiskey”) from a list, load them up on a special tool, and try each one out. It only takes a few minutes (many times, even a few seconds) to crack an account using a common word as a password.
  • Dictionary Attacks: As the name suggests, the hacker whips out a copy of the Oxford Dictionary and tries every word. Using an automated tool, this takes a little longer than a common word attack, but it will get a large number of accounts cracked.

Security experts have long reached the conclusion that the safest password is one with a combination of alphanumeric characters (including uppercase letters) and special characters (like “$@(%#”). This isn’t far from the truth today. A password like “ff9jF#D” is much safer than “caramel.” The downside is that it’s really hard to remember random characters. Our brains just aren’t wired that way.

And, while we’re still on this subject, let me tell you a secret: If some expert tells you that a character-string password will take several years to crack, he’s probably talking about brute-forcing with a CPU. Hackers don’t do that anymore. Instead, they use things like nVidia’s CUDA technology, which lets them tap into the immensely faster GPU of a graphics card and, by chaining a bunch of hardware together (through an SLI bridge), do in a span of hours what a computer does in a week.

Are Sentences Any Better?

The space (“ ”) is a legal character in most password forms. This means you can separate words from one another. Just having a sentence as your password can create a nightmare for hackers, according to a number of security experts, one of them being Thomas Baekdal. The advantage of using a sentence is that it’s much easier to remember than 8fa@!*FaicC and it’s also more secure when used in the proper manner.

In 2007, Baekdal wrote that “this is fun” is 10 times more secure than “J4fS<2.” I’m not sure what his opinion of this is right now, but I do not think that using something simple like “this is fun” is so secure that it would take a computer, according to his written piece, 2,537 years to crack it.

For one, let’s say that a hacker uses a list of the one-thousand most common words in the English language to crack “this is fun.” Since the password uses three distinct words, we’d have to contend with 1,000*1,000*1,000 possible permutations. That gives us a billion permutations to cycle. It sounds like a lot, but for a computer, this is very simple.

I’m not saying that Thomas Baekdal is wrong. I’m simply saying that you need to follow some guidelines when making your choice. Let me show you some ideas I’ve cooked up while thinking about this problem for several days:

  • Use non-space separators, like the hyphen (“-”). If you’re a little more daring, try something really difficult to figure out, like the trademark symbol (“™”, Alt+0153).
  • Use non-conversational uncommon words, like “quantum theory is a paramount development.” You can also create a sentence in another language, like Latin (“repetitio est mater studiorum”). This is especially useful when English is not your first language. Most hackers will search for passwords with English words, but very few of them would think of, say, Romanian or Czech.
  • Make sentences of random words. An example would be “paraphernalia photon cephalopod.”

Following these rules may result in a password that is, at first, difficult to remember. But you should consider the Latin proverb I used as an example of a non-English password. Its translation: Repetition is the mother of study. If you keep using your password, you’ll remember it in a jiffy. Remembering “faji2o#($FCCineF)9f(#”, I think, is much more difficult than remembering “paraphernalia photon cephalopod” or whatever these words may be in your native language.

Remember, the longer you make the sentence, the more secure it gets! Using a shorter sentence may still afford you some high level of security so long as you don’t use something that can be caught in a common word list. Dictionary attacks on your password are still possible, but not likely to yield results because of the enormous amount of time it would take for the hacker’s tool to crack your password open.
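
The arithmetic in this section, carried through as an added example (not code from the original article): it sizes the search for the article's sample passwords under a character-by-character search and under a word-combination search, and reports whichever is smaller. The 170,000-word dictionary size, the word samples, and the separator set are assumptions constructed for illustration; only the 1,000-word list comes from the text.

```python
import math
import string

# Constructed stand-ins: each tier pairs an ASSUMED list size with a small
# sample of words taken to be on that list (these are not real wordlists).
TIERS = [
    (1_000, {"this", "is", "fun"}),                    # "1,000 most common words"
    (170_000, {"this", "is", "fun", "paraphernalia",   # assumed dictionary size
               "photon", "cephalopod"}),
]
POOLS = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
         (string.digits, 10), (string.punctuation, 32), (" ", 1)]


def brute_force_space(password):
    """Candidates a character-by-character search must cover (ASCII only)."""
    pool = sum(n for chars, n in POOLS if any(c in chars for c in password))
    return pool ** len(password)


def wordlist_space(password, separators=" "):
    """Candidates for a word-combination search, or None if a word is unlisted."""
    for sep in separators:
        words = password.lower().split(sep)
        for size, sample in TIERS:  # smallest list first
            if all(w in sample for w in words):
                # One separator used throughout: it multiplies the search only
                # by the number of separators the search is assumed to cover.
                return size ** len(words) * len(separators)
    return None


def cheapest_attack(password, separators=" "):
    """Return (model, candidates, bits) for whichever search is smaller."""
    options = {"brute-force": brute_force_space(password)}
    by_words = wordlist_space(password, separators)
    if by_words is not None:
        options["wordlist"] = by_words
    model = min(options, key=options.get)
    return model, options[model], round(math.log2(options[model]), 1)


if __name__ == "__main__":
    for pw in ("this is fun", "J4fS<2", "paraphernalia photon cephalopod"):
        print(f"{pw!r:36} {cheapest_attack(pw)}")
    print(cheapest_attack("this-is-fun", separators=" -_."))
```

Under these assumptions “this is fun” has a smaller search space than “J4fS<2”, while three uncommon words exceed both; a hyphen separator adds only a factor equal to the number of separators the search covers.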

Limitation

The only limitation to the above method is that some sites don’t allow passwords longer than 20 characters. A few also don’t allow spaces or other special characters in passwords, although this is becoming more rare. I have even encountered an online banking platform that only allowed up to 14 alphanumeric characters. In these sites, sentence passwords won’t work whatsoever.

It’s Time For You To Speak!

I discussed a lot right now. Some of it is a little conflicting with conventional knowledge about passwords, so it’s normal for you to have opinions, questions, and thoughts on the matter. It’s time for you to open up. Join me and fellow readers in a conversation that could help clarify everything by leaving a comment below!
