Historically, a password considered "strong" has required a combination of
- uppercase letters (A B C D E ...)
- lowercase letters (a b c d e ...)
- digits (1 2 3 4 5 ...)
- punctuation symbols (@ # $ % & ...)
BallotBox does not have those sorts of password requirements. They made passwords hard to remember, without actually making them hard for a computer to guess. Here is a quick history lesson, and then what we recommend:
The old view of "strong passwords"
Sometimes, people satisfy these difficult rules by transforming letters into numbers that are visually similar. For example, the password
hamster
looks like a very weak password -- and it is weak. Not only is it short, and all lowercase letters, but it will be found in any dictionary attack.
So the user transforms that simple word into
H4m5t3R
Now that looks like a much stronger password, doesn't it? But it is not. In fact, BallotBox would not accept that as a permissible password.
How we recommend you set a password
OK, enough history. What do we recommend?
We recommend that you use, as your password, four or five common words, strung together with or without spaces.
You can add numbers, capitalization, and punctuation, to make the password even stronger, so long as you will still be able to remember it.
Here are some examples:
bikebasketchickenleg
PeterPaulandMary pumpkins
my 1st car was BROWN
myhamsterslike2spin
the1thingJohnlikes? queso
Here are some additional tips:
- It should go without saying, but please do not use any of these examples as your actual password.
- The boldfacing in the examples is just to make this article easier to read - you cannot actually make your password boldfaced. Or italicized.
- Do not pick words that a human may guess, if they know you - for example, if you have four children, and everyone knows that, you should not set your password using their four first names.
- We're not saying these passwords are bulletproof - but we are saying that this approach can help you create a password that is strong, and that you can remember.
Finally, XKCD, which is (no surprise) unaffiliated with BallotBoxOnline LLC, published a cartoon that illustrates this password recommendation at www.XKCD.com/936.