Length > Complexity

from https://xkcd.com/936/A long password is, generally, more secure than a complicated one.

According to GRC’s Search Space Calculator

“%n7yP!zza” can be cracked in under 2 hours.
“ilikepeasandcarrots” takes around 2.53 thousand centuries.
Include spaces, and it leaps to 7.66 hundred million trillion centuries.

I know this is a gross oversimplification of factors that can influence a password’s guess-ability, such as entropy. But in almost all cases, password length contributes more significantly to overall password strength than complexity (see also Password Strength at xkcd).

I’ve mentioned KeePass and LastPass elsewhere, but if you’re not already using a password manager I highly suggest giving one of those two a go.


No doubt, you’ve seen a bit of media buzz surrounding the Heartbleed bug. As usual, xkcd explains it extremely well.
It impacts nearly every website you use where you have a login (like Gmail, Facebook, your bank, Healthcare.gov, etc.).

If you’re not already using a password manager, please consider KeePass or LastPass.

We’ve been using KeePass for years, have 695 passwords securely saved and I only have to remember one password to access them all.

Their website puts it best: “KeePass… helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).”