Ballot Box Online

Secure online voting, made easy

I want to save a draft ballot, and I'm being asked to set a password. What are the password requirements?

Home > Voters > I want to save a draft ballot, and I'm being asked to set a password. What are the password requirements?

Historically, a password considered "strong" has required a combination of

  • uppercase letters (A B C D E ...)
  • lowercase letters (a b c d e ...)
  • digits (1 2 3 4 5 ...) 
  • punctuation symbols (@ # $ % & ...)

BallotBox does not have those sorts of password requirements.  They made passwords hard to remember, without actually making them hard for a computer to guess.  Here is a quick history lesson, and then what we recommend:

 

The old view of "strong passwords"

Sometimes, people satisfy these difficult rules by transforming letters into numbers that are visually similar.  For example, the password

hamster

looks like a very weak password -- and it is weak.  Not only is it short, and all lowercase letters, but it will be found in any dictionary attack.

So the user transforms that simple word into 

H4m5t3R

Now that looks like a much stronger password, doesn't it?    But it is not.  In fact, BallotBox would not accept that as a permissible password.

 

How we recommend you set a password

OK, enough history.  What do we recommend?

We recommend that you use, as your password, four or five common words, strung together with or without spaces.  

You can add numbers, capitalization, and punctuation, to make the password even stronger, so long as you will still be able to remember it. 

Here are some examples:

bikebasketchickenleg

PeterPaulandMary pumpkins

my 1st car was BROWN

myhamsterslike2spin

the1thingJohnlikesqueso

Here are some additional tips:

  • It should go without saying, but please do not use any of these examples as your actual password.  
  • The boldfacing in the examples is just to make this article easier to read - you cannot actually make your password boldfaced.  Or italicized.
  • Do not pick words that a human may guess, if they know you - for example, if you have four children, and everyone knows that, you should not set your password using their four first names.
  • We're not saying these passwords are bulletproof - but we are saying that this approach can help you create a password that is strong, and that you can remember.

Finally, XKCD, which is (no surprise) unaffiliated with BallotBoxOnline LLC, published a cartoon that illustrates this password recommendation at www.XKCD.com/936.

Updated:

Other Articles