Why “You are Great” is Better than a Random Password?

Password security in WordPress

If, like me, you were informed that a random password (using special characters) is better than using just words, then think again. According to the article entitled “Why the password ‘this is fun’ is 10 times more secure than ‘J4fS!2’” by Vivekgirotra.com, this simply isn’t the case, apparently.

The main gist of the article explains how hackers may target your site, and how they get hold of your password. All my passwords are at least 20 characters in length including special characters and chosen at random. The article explains, however, that choosing a few random nonsensical words can be just as effective.

I’m not going into the article in detail, but if you have a WordPress blog, sell websites and manage them, or any other site that is important to you, I suggest you take a look. It gets quite technical, but it’s easy to get their point on the matter.

Ever since my blog was hacked last year, I regularly keep up-to-date with matters such as this. I now have many security plugins installed on my WordPress installation and use every security measure possible.

Since reading the article a few months back, I’ve still been mixing random characters into my passwords (old habits die hard), but I no longer choose ridiculously long ones that take me 5 minutes to type in! I recommend taking a look at the article and doing what’s best for you.

Here’s some Further Reading: 6 WordPress Plugins that Protect Your Blog from Hackers.

4 thoughts on “Why “You are Great” is Better than a Random Password?”

  1. Daniel Richard

    Found ya through a twitter message. 🙂

    I so remember the days when Yahoo! Mail first came out and my password was like 3 numeric digits long.

    I used to hack passwords (friends’ accounts) for some massive multiplayer games, and as Vivek wrote in his article, guesswork + short string characters (usually a combination of email sig + date of birth) is a completely useless type of password.

    Speaking of which, I better download some of the security plugins you’ve just mentioned. 🙂

  2. Andrew Kelsall

    Hi Daniel, Yes, those security plugins are “a must” for me. I have them installed on my blogs and those of my clients, too.

    I was surprised by how many hack-attempts there are on this site on a weekly basis, which I am notified about via email from the WP admin.

    Thanks for commenting…

  3. Andrew Keir

    I’m afraid someone has porked the math on this. ( sorry, epic math incoming )

    11 lower case characters including spaces (passwords like “this is fun”) has 5.5590657 x 10 to the 15 possible combinations.

    An 11 character password built from the standard characters on a keyboard including uppercase and no spaces ( i.e. F7d#jD5^dnB ) has 5.0629207 x 10 to the 21 possible combinations.

    The latter isn’t susceptible to dictionary or common word attacks and has many billions more combinations to block brute force attacks.

    Random characters, case and symbols all the way, in my opinion.

  4. Andrew Kelsall

    Hey Andrew, I thought you were busy! I see your point, although the linked article made sense too. I did say, though, that I do still keep the random characters to be on the safe side…
