It seems that every single day, someone comes to a forum writing about how his accounts were hacked somehow and he doesn’t understand why. One of the reasons that people get accounts compromised so often is because they don’t exactly understand how it happens. Once the process of grabbing someone’s password becomes clear (it’s simple, by the way), then we can understand how we can modify our passwords to effectively prevent hackers from entering our accounts. One proposition that security experts have made recently was to use short sentences as passwords, rather than using a continuous string of characters (like “blablabla”). We’ll have a look at this and why it may or may not be more secure.

Understanding Password Theft

Here at MTE, I have already covered the ways in which hackers can get ahold of your passwords. However, that list is composed mostly of methods used to sniff out and easily get ahold of your credentials. Right now, I want to cover with you the methods that hackers use to crack open your account from the outside rather than infiltrating your packet traffic. These methods are a little simpler but more time consuming. Let’s have a look:

  • Brute-Force Attacks: The method to this madness involves simply going through a ton of permutations of multi-character strings. So, a hacker with a brute-force tool will simply try thousands of permutations, hoping to hit the right one after a while. The tool will randomly guess character combinations (like “jif2$F”). Since passwords are typically more than six letters long, this method will take a while! However, a determined hacker will sit through an entire day’s worth of password guessing just to get into your account.
  • Common Word Attacks: The hacker will use common everyday words (like “strawberry” or “whiskey”) from a list, load them up on a special tool, and try each one out. It only takes a few minutes (many times, even a few seconds) to crack an account using a common word as a password.
  • Dictionary Attacks: As the name suggests, the hacker whips out a copy of the Oxford Dictionary and tries every word. Using an automated tool, this takes a little longer than a common word attack, but it will get a large number of accounts cracked.

Security experts have long reached the conclusion that the safest password is one with a combination of alphanumeric characters (including uppercase letters) and special characters (like “$@(%#”). This isn’t far from the truth today. A password like “ff9jF#D” is much safer than “caramel.” The downside is that it’s really hard to remember random characters. Our brains just aren’t wired that way.

And, while we’re still on this subject, let me tell you a secret: If some expert tells you that a character-string password will take several years to crack, he’s probably talking about brute-forcing with a CPU. Hackers don’t do that anymore. Instead, they use things like NVIDIA’s CUDA technology, which allows them to tap into the immensely faster GPU of a graphics card, allowing them to do what a computer does in a week within a span of hours by chaining a bunch of hardware together (through an SLI bridge).

Are Sentences Any Better?

The space (“ ”) is a legal character in most password forms. This means you can separate words from one another. Just having a sentence as your password can create a nightmare for hackers, according to a number of security experts, one of them being Thomas Baekdal. The advantage of using a sentence is that it’s much easier to remember than 8fa@!*FaicC and it’s also more secure when used in the proper manner.

In 2007, Baekdal wrote that “this is fun” is 10 times more secure than “J4fS<2.” I’m not sure what his opinion of this is right now, but I do not think that using something simple like “this is fun” is so secure that it would take a computer, according to his written piece, 2,537 years to crack it.

For one, let’s say that a hacker uses a list of the one-thousand most common words in the English language to crack “this is fun.” Since the password uses three distinct words, we’d have to contend with 1,000*1,000*1,000 possible permutations. That gives us a billion permutations to cycle. It sounds like a lot, but for a computer, this is very simple.

I’m not saying that Thomas Baekdal is wrong. I’m simply saying that you need to follow some guidelines when making your choice. Let me show you some ideas I’ve cooked up while thinking about this problem for several days:

  • Use non-space separators, like the hyphen (“-”). If you’re a little more daring, try something really difficult to figure out, like the trademark symbol (“™”, Alt+0153).
  • Use non-conversational uncommon words, like “quantum theory is a paramount development.” You can also create a sentence in another language, like Latin (“repetitio est mater studiorum”). This is especially useful when English is not your first language. Most hackers will search for passwords with English words, but very few of them would think of, say, Romanian or Czech.
  • Make sentences of random words. An example would be “paraphernalia photon cephalopod.”

Following these rules may result in a password that is, at first, difficult to remember. But you should consider the Latin proverb I used as an example of a non-English password. Its translation: Repetition is the mother of study. If you keep using your password, you’ll remember it in a jiffy. Remembering “faji2o#($FCCineF)9f(#”, I think, is much more difficult than remembering “paraphernalia photon cephalopod” or whatever these words may be in your native language.

Remember, the longer you make the sentence, the more secure it gets! Using a shorter sentence may still afford you some high level of security so long as you don’t use something that can be caught in a common word list. Dictionary attacks on your password are still possible, but not likely to yield results because of the enormous amount of time it would take for the hacker’s tool to crack your password open.
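The 1,000 × 1,000 × 1,000 arithmetic and the advice about uncommon words can be compared with one estimator. This is an added example, not from the original article: it scores a password by the cheaper of two guessing models (word-list combinations or character brute force). The sample word sets, the 200,000-word dictionary size and the 1e9 guesses-per-second rate are assumptions, and the choice of separator is ignored.

```python
import re

# Constructed sample tiers: (label, sample words, nominal size of the list to search).
# The 1,000 figure is the article's; the 200,000 dictionary size is an assumption.
TIERS = [
    ("common", {"this", "is", "fun", "strawberry", "whiskey", "caramel"}, 1_000),
    ("dictionary", {"paraphernalia", "photon", "cephalopod", "quantum", "paramount"}, 200_000),
]
PRINTABLE_ASCII = 95  # letters, digits, punctuation and space


def char_space(password: str, charset: int = PRINTABLE_ASCII) -> int:
    """Guesses needed to exhaust every string of this length (brute force)."""
    return charset ** len(password)


def word_space(password: str, tiers=TIERS):
    """Guesses needed when combining listed words; None if any word is unlisted."""
    # Any non-letter run is treated as a separator (simplifying assumption).
    words = [w for w in re.split(r"[^a-z]+", password.lower()) if w]
    if not words:
        return None
    needed = 0
    for w in words:
        sizes = [size for _, sample, size in tiers if w in sample]
        if not sizes:
            return None
        # The whole phrase needs the largest list that any one word requires.
        needed = max(needed, min(sizes))
    return needed ** len(words)


def effective_space(password: str) -> int:
    """Strength is the minimum of both models: the cheaper search wins."""
    ws = word_space(password)
    cs = char_space(password)
    return cs if ws is None else min(ws, cs)


def seconds_to_exhaust(space: int, guesses_per_second: float = 1e9) -> float:
    """Worst-case time at an assumed guess rate (1e9/s is illustrative only)."""
    return space / guesses_per_second


if __name__ == "__main__":
    for pw in ["this is fun", "J4fS<2", "caramel", "paraphernalia photon cephalopod"]:
        space = effective_space(pw)
        print(f"{pw!r}: {space:.3e} guesses, {seconds_to_exhaust(space):.3e} s")
```

Under these assumptions “this is fun” has a smaller search space than “J4fS<2”, while three uncommon words push the word-list model to 200,000³ guesses.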

Limitation

The only limitation to the above method is that some sites don’t allow passwords longer than 20 characters. A few also don’t allow spaces or other special characters in passwords, although this is becoming more rare. I have even encountered an online banking platform that only allowed up to 14 alphanumeric characters. In these sites, sentence passwords won’t work whatsoever.

It’s Time For You To Speak!

I discussed a lot right now. Some of it is a little conflicting with conventional knowledge about passwords, so it’s normal for you to have opinions, questions, and thoughts on the matter. It’s time for you to open up. Join me and fellow readers in a conversation that could help clarify everything by leaving a comment below!
