Back in the early days of online security, the advice to users was to pick the longest word they could easily remember and use it as a password. That’s now outdated, according to F-Secure’s head of research Mikko Hyppönen.
“It’s from a time when we had to remember at most five passwords, but we now have to remember dozens if not hundreds,” said Hyppönen, speaking on Yle’s Aamu-TV breakfast television programme.
“Don’t use passwords, but pass-sentences,” said Hyppönen. “The length of the statement creates security against attempts to crack it.”
Easier to remember
It’s difficult to remember cryptic passwords, but a longer statement or an image related to a certain site can be easier to recall.
“’I buy all my books here’, that is 18 characters long and it’s easy to remember, if it is the password for a bookshop,” said Hyppönen.
It’s good to include misspellings and dialect words, in addition to the symbols and capital letters normally demanded by password-protected sites.
Hyppönen also flagged up another old canard that can be safely discarded: the idea that the same password cannot be used twice.
“The most important thing is that you have a good password for the important services,” said Hyppönen. For example those that have your credit card details. But for newspapers and online forums, you can recycle passwords.”