Any password can be compromised (especially given enough time or inclination). But a secure password is still your first line of defense. Using common data like a birthday or a child’s name can be guessed by anyone who has access to your Facebook profile. And yet, past password leaks have shown that many users still rely on inane passwords like ‘1234’ or even just the word ‘password.’ Those are in many cases as ineffective as having no password at all.
A good password has two important qualities. First, unlike the aforementioned passwords, it’s hard to guess, meaning that somebody has to either trick a person into revealing their password, or perform what’s called a brute-force attack—essentially, trying every possible password until they hit upon the correct one.
Second, a good password is easy to remember. That means that it’s something you can recall without writing it down—because, as soon as you have to write it down, it means that you’ve already compromised the security of that password. The best password is stored only in your head.
So, though you might be encouraged to create a password of random alphanumeric characters, like xdK92z!, it turns out that they’re not terribly secure, because they’re hard to remember, and relatively simple for a computer to crack. You can add a tremendous amount of complexity to your password with a technique that ends up keeping your password fairly simple to remember: Use a full sentence. This adds an order of magnitude of difficulty for a computer to guess your password through brute force, particularly since—despite thrilling movie scenes that show passwords hacked character by character—a hacker needs to determine your entire password in one go. With a password like “Six dogs ate schnitzel in a haberdashery,” instead of merely needing to pick one right word at random, or a relatively short series of jumbled characters, the algorithm would need to correctly guess seven unique words in tandem.