How to create long and strong passwords that are still memorable?

Requirements for setting a strong password

ESRS follows the strong-password requirements commonly recommended by cybersecurity professionals today. Hence, to register on the esrs.eu website, your password should have at least:

  • 12 characters long ************
  • 1 lowercase letter [a-z]
  • 1 uppercase letter [A-Z]
  • 1 number [0-9]
  • 1 special character (e.g. symbols like ! " ? $ % ^ & * = + [ ] ; : ‘ ” , < > / )
Must not contain:
  • your login ID or username, email address, first, or last name
And avoid:
  • sequences or repeating character strings of 3 or more characters (e.g. 123 or 999 or eeee )
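
The rules listed above can be checked automatically. The following Python sketch is an added example, not code used by esrs.eu; the function names, the treatment of any non-alphanumeric, non-space character as "special", the reading of "sequences" as ascending or descending runs of letters or digits, and the sample account values are all assumptions.

```python
import re

MIN_LENGTH = 12
RUN = 3  # runs of this many characters or more are flagged
CLASSES = {  # character classes the page requires at least once
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "digit": r"[0-9]",
    "special character": r"[^A-Za-z0-9\s]",  # assumption: any other non-space char
}

def has_sequence(pw, run=RUN):
    """True if pw holds `run` ascending or descending letters or digits (abc, 321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        # a sequence must stay inside one class: all digits or all a-z letters
        if not (chunk.isascii() and (chunk.isdigit() or chunk.isalpha())):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def check_password(pw, identity=()):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    # login ID, email address, first and last name, compared case-insensitively
    for value in identity:
        if len(value) >= 3 and value.lower() in pw.lower():
            problems.append("contains personal identifier")
            break
    if re.search(r"(.)\1{%d,}" % (RUN - 1), pw):
        problems.append("repeated character run")
    if has_sequence(pw):
        problems.append("sequential character run")
    return problems

if __name__ == "__main__":
    # constructed sample account: login ID, email address, first name, last name
    user = ("jdoe", "jane.doe@example.org", "Jane", "Doe")
    for candidate in ("1 day I want to FLY!", "2$As^5#y",
                      "Jane-likes-Tea-2024!", "Sunny#Road999abc"):
        print(repr(candidate), check_password(candidate, user) or "OK")
```
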

Can a long and "easy" password be more secure than a shorter but complex one?

Say you have to choose between the following passwords:

  • 1 day I want to FLY!     (20 characters long)
  • 2$As^5#y                             (8 characters long)

Which one is more easily remembered?

This question is easy to answer: most people choose the first, longer one.

Which one is more secure?

This answer is a bit more tricky… If your answer here was also the 20 characters long password, you are correct! 

This is because the shorter a password is, the easier it is for hackers to break with today's computer technology. This is why passwords these days are required to be harder and harder to break, and for good reason. A short password is easy to crack for any determined hacker who runs a brute-force attack on a website in order to steal a user's password and access the website, the user's data and/or try accessing other user's platform accounts.

Check how long it would take to crack each password

The results in the next table came from testing the security strength of these passwords with two online tools, which you can also use to test how secure your own password is. The time values represent how long a current average home computer would be expected to take to crack each password.

| Password | security.org tool | Kaspersky tool |
|---|---|---|
| 1 day I want to FLY! | 3 sextillion years (3×10^21) | 10 000+ centuries (1 million+ years) |
| 2$As^5#y | 8 hours | Less than a short walk |

As you can clearly see, the longer, easier-to-remember password is the one recommended for use, and it is considered a hack-resistant password.

And if we increase the length and complexity a little while still keeping it simple to remember, as in 1 #day! I wanto be a FLY (24 characters), we get 200 octillion years (for security.org) and 1 million+ years (the maximum given by the Kaspersky tool). Using fewer dictionary words makes the password harder for hackers to crack with methods other than brute force, such as dictionary attacks.

The first tool is from security.org, a media company that does research on security-related topics and products, and is called How Secure Is My Password? (it determines how long it would take to crack your password using a brute-force attack). The second tool is from Kaspersky Lab, one of the world's largest cybersecurity companies that provides cyber security solutions and services, and is called Password Checker (it uses two methods, brute-force attacks and matching against password databases of leaked accounts, which normally returns smaller time results).

Both tools' websites state that they are secure to use, that they do not store password entries in any way or share them with anyone, and that they use secure data transfer (SSL/TLS), that is, HTTPS secure connections.

If you are not sure about testing your passwords on these websites, you can do some more research about these two companies and read the online tools' FAQs, visit the websites in incognito mode (available in all popular browsers) or open them in Chrome Guest mode, use a VPN, and test only passwords similar to the one you end up selecting for your login.

Also, after you use these tools, we recommend that you close their browser tabs. Do not navigate from these websites' pages to esrs.eu (for example, by typing the esrs.eu URL into the browser address bar), as it is possible to track which URL/domain you exit to.