Use sentences as passwords, warns Finnish IT security expert

Passwords should become longer statements, rather than single words, says one Finnish IT expert. Mikko Hyppönen of F-Secure says that the statements are easier to remember and provide a tougher nut for hackers to crack.

Mikko Hyppönen Image: Yle

Back in the early days of online security, the advice to users was to pick the longest word they could easily remember and use it as a password. That’s now outdated, according to F-Secure’s head of research Mikko Hyppönen.

“It’s from a time when we had to remember at most five passwords, but we now have to remember dozens if not hundreds,” said Hyppönen, speaking on Yle’s Aamu-TV breakfast television programme.

“Don’t use passwords, but pass-sentences,” said Hyppönen. “The length of the statement creates security against attempts to crack it.”

Easier to remember

It’s difficult to remember cryptic passwords, but a longer statement or an image related to a certain site can be easier to recall.

“’I buy all my books here’, that is 18 characters long and it’s easy to remember, if it is the password for a bookshop,” said Hyppönen.

It’s good to include misspellings and dialect words, in addition to the symbols and capital letters normally demanded by password-protected sites.

Hyppönen also flagged up another old canard that can be safely discarded: the idea that the same password cannot be used twice.

“The most important thing is that you have a good password for the important services,” said Hyppönen. “For example, those that have your credit card details. But for newspapers and online forums, you can recycle passwords.”
