Say N0 2 S1Lly P4$$words

May 31, 2018
Kevin Monk

Tags: security, passwords

It might be worth reconsidering the password policy of your organisation. If you want a strong password try combining four common words as this XKCD comic suggests.

correct horse battery staple

According to the author of one of the world’s most sophisticated password-cracking tools, it is best to think of password strength in terms of guesses per dollar. What does this mean in practice…

4 words

“correct horse battery staple” would cost half a million dollars to crack.

5 words

“quire piazza known soon thrips” would cost about 2 billion dollars.

6 words

“incident sidewall serif gradate agonize humor” would cost about 8 trillion dollars.

7 words

“winsome amoral flagpole fee ivan sadly lawgiver” would cost the GDP of the world for 60,000 years.

12 words

Many Bitcoin wallet recovery phrases (seed phrases) use 12 words. There is literally not enough energy in the universe to crack them, even with a quantum computer.


The great thing about using random dictionary words is that they’re easy to remember because we can construct stories around them. Four common words is probably a good starting point for a password policy. Isn’t that easier than r3Me8er1ng something more complicat3d?

One last piece of advice: use a random password generator and keep your passwords in a vault such as 1Password. Humans are terrible at picking random words and numbers. As shown in the image below, if you ask people to pick a random number between 1 and 20, 20% will pick the number 17! Let the computer randomly pick the words, then construct a story about them so you can memorise them. I bet you can remember the “correct horse seeing the battery with a staple in it” already.
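To make the guesses-per-dollar argument above concrete, and to show what "let the computer pick the words" looks like, here is an added example (my own code, not from this post). It assumes a dictionary of 2048 common words, the size the XKCD estimate is usually based on, and a purely illustrative price of 10^9 guesses per dollar; the embedded word list is a constructed stand-in for a real published list.

```python
import math
import secrets

# Constructed mini word list for demonstration only. A real policy would draw
# from a large published list; the entropy maths below assumes 2048 words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "quire", "piazza",
                "known", "soon", "thrips", "serif", "gradate", "humor"]


def passphrase_entropy_bits(num_words: int, dict_size: int) -> float:
    """Entropy of num_words words drawn uniformly (with replacement) from dict_size words."""
    if num_words < 1 or dict_size < 2:
        raise ValueError("need at least one word and a dictionary of at least two words")
    return num_words * math.log2(dict_size)


def crack_cost_dollars(entropy_bits: float, guesses_per_dollar: float) -> float:
    """Dollars needed to try every passphrase (2**bits guesses) at the given rate.

    An attacker finds the right one after about half the keyspace on average,
    so the expected cost is roughly half this figure.
    """
    if guesses_per_dollar <= 0:
        raise ValueError("guesses_per_dollar must be positive")
    return 2.0 ** entropy_bits / guesses_per_dollar


def generate_passphrase(words: list[str], num_words: int) -> str:
    """Pick words with the OS CSPRNG (secrets), not random.choice and not a human."""
    if len(set(words)) != len(words):
        raise ValueError("word list must not contain duplicates")
    return " ".join(secrets.choice(words) for _ in range(num_words))


if __name__ == "__main__":
    # 1e9 guesses per dollar is an assumed, illustrative rate, not a measured one.
    for n in (4, 5, 6, 7, 12):
        bits = passphrase_entropy_bits(n, 2048)
        cost = crack_cost_dollars(bits, 1e9)
        print(f"{n:2d} words: {bits:5.1f} bits, ~${cost:,.0f} to exhaust the keyspace")
    print("suggested passphrase:", generate_passphrase(SAMPLE_WORDS, 4))
```

Each extra word from a 2048-word list adds 11 bits, so the cost column grows by a factor of 2048 per word, which is why the post's figures jump from dollars to multiples of world GDP so quickly.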

P.S. Don’t use “correct horse battery staple” as your password :)
