What xkcd is trying to point out here is that having a password that doesn’t make any sense to you is pointless. For example, the password D0g#ou5e fits the profile of complexity that most websites require. If you look carefully, the password is the word “doghouse” spelled out in the hacker alphabet “l33t” or “Leet.” Although you could get used to using this password, it would take some time.
One of my favorite online utilities is howsecureismypassword.net. As you would think, this website lets you input a password, and it tells you how long it would take a desktop computer to crack it. When we tested the example password above, the result was that it would take about 57 days to crack that password. That’s less than the 90 days most IT guys recommend you wait before changing your password! Obviously D0g#ou5e is not a very secure password, even if it looks like it should be.
Now let’s try a much easier-to-remember password. A similar example to the one above is Doghouse!!!!!!!!!!!!. Notice that I picked one of my favorite numbers (12) and embedded it into the password as the number of exclamation points, or bangs as geeks call them. It’s an easy-to-remember password: just the word doghouse, capitalized, with 12 exclamation points. When I tried this password on howsecureismypassword.net it said it would take about 421 quintillion years! That is 421,000,000,000,000,000,000 years! A little longer than 57 days. And it’s easier to remember.
For one more example similar to the xkcd one, let’s try one that has a little more personal meaning. I’ll try wife+cat+birthday+3, my other favorite number. That would make my password RebeccaMolly32081***. Pretty easy to remember. howsecureismypassword.net says it would take about 6 sextillion years. That’s a 6 with 21 zeros behind it. In years. I think that’s long enough for me. And all I have to remember is wife+cat+birthday+3.
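To show where numbers like these come from, here is a small added example (my own code, not from the original post or from howsecureismypassword.net, whose exact model is not documented here). It estimates the blind brute-force keyspace for the three passwords above under an assumed character-class model and guess rate, and also shows the caveat that a "word plus one repeated symbol" password is a much smaller target for a wordlist attack than the keyspace math suggests; the class sizes, guess rate and wordlist size are all assumptions.

```python
import math

# Assumed character-class sizes for a blind brute-force model (33 printable
# ASCII symbols as on a US keyboard). These are approximations, not the
# site's own parameters.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
GUESSES_PER_SECOND = 1e9          # assumed desktop-class cracking rate
SECONDS_PER_YEAR = 365.25 * 86400

def charset_size(password):
    """Sum the sizes of the character classes the password actually uses."""
    classes = set()
    for ch in password:
        if ch.islower():   classes.add("lower")
        elif ch.isupper(): classes.add("upper")
        elif ch.isdigit(): classes.add("digit")
        else:              classes.add("symbol")
    return sum(CLASS_SIZES[c] for c in classes)

def brute_force_bits(password):
    """Entropy of the full keyspace: log2(charset ** length)."""
    return len(password) * math.log2(charset_size(password))

def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to exhaust the keyspace at the assumed guess rate."""
    return charset_size(password) ** len(password) / rate / SECONDS_PER_YEAR

def word_plus_repeat_guesses(password, wordlist_size=100_000, max_run=30):
    """Caveat: a single dictionary word followed by one repeated symbol can be
    covered by roughly words * capitalizations * symbols * run lengths guesses,
    whatever the keyspace says. Returns None when the pattern does not fit."""
    word = password.rstrip(password[-1]) if password else ""
    tail = password[len(word):]
    if not word.isalpha() or not tail or tail[0].isalnum():
        return None
    return wordlist_size * 2 * CLASS_SIZES["symbol"] * max_run

if __name__ == "__main__":
    for pw in ("D0g#ou5e", "Doghouse!!!!!!!!!!!!", "RebeccaMolly32081***"):
        print(f"{pw:22} {brute_force_bits(pw):6.1f} bits "
              f"{brute_force_years(pw):12.3g} years  "
              f"pattern guesses: {word_plus_repeat_guesses(pw)}")
```

The long passwords still win by a huge margin on the blind model, which is the post's point; the pattern function is there to show why a long password should not be a single word with padding if you want the estimate to mean anything.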
So, as usual, if you have any questions, please let me know. I still recommend changing your password every six months or so. I usually use the same password for everything if I can. I keep a list of websites that I use and spend an hour every six months going around changing the password on all of them. It’s worth it for secure peace of mind.