Are Passwords with Numbers Instead of Letters Secure?

Posted by Paul on July 21, 2017

I blogged back in October 2013 about the need to start taking online security more seriously than ever because the amount and sophistication of hacking activity had been increasing, and in my view was likely to increase still further. Unfortunately I was correct and we've recently seen attacks such as WannaCry and other computer security breaches.

Specifically though, I've seen 3 successful website hacks in the last week alone that were all due to weak passwords. Massive amounts of developer time and effort go in to making online platforms as secure as possible and it seems a waste to then use a weak password.

Even more specifically, all 3 hacks were caused by passwords that were dictionary words w1th s0m3 l3tt3r5 c0nv3rt3d t0 numb3r5.

You might like to think that your password is way more secure than P455W0RD1! but if your password is one or more recognisable words with a few of the letters changed to numbers and even with some random characters at the beginning and/or end, it could get cracked in just 3 days.

This great cartoon from XKCD explains the maths and gives an alternative method of password generation:



It's a great solution and it produces a memorable, very secure password which hopefully won't need to be written down because it's based on the principles of human memory.

And if you're looking to generate such a password, there's even a website named after this XKCD cartoon:

[Update 2021-07-21]
It seems the link above is broken but this one seems good:

Important note: you cannot just come up with 4 "random" words yourself because they won't actually be random, for the maths to work, they have to be generated by a computer from a dictionary of millions of words.

Alternatively, if you don't need to remember the password (i.e. you'll store it somewhere very safe) you could use: or

What did you think of this article? How do you generate your passwords (remember not to give too much info!)? Let us know in the comments!

blog comments powered by Disqus