Wikipedia-logo.svg  For more information, see Password on Wikipedia. A password is a series of characters required to log into an account. A password is created along with an account and username. Passwords consist of letters, numbers, symbols, and/or spaces. A good password is not easy to guess but not hard to remember. Passwords should not be told to other users. The Scratch website requires passwords to be at least 6 characters long. It is good to write down one's password on a physical piece of paper in a safe location in case the password is ever forgotten. Passwords are case sensitive.

Note Note: It is recommended to use a different password for each account, whether on Scratch or any website.
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.

Clifford "Cliff" Stoll[1]

Examples of Weak Passwords

Note Note: The following are not the only examples of weak passwords; in general, a password that is easily guessed or widely used is a weak password.
  • 'passw0rd'
  • 'abcdef'
  • 'scratch.mit.edu'
  • personal information, such as names

The Scratch website prevents users from having passwords less than 6 characters long, the string 'password' and passwords that are the same as the username when a user joins.[2]

Ways to Make a Strong Password

An xkcd comic demonstrating this section

Misconceptions

A common misconception is that the way to make a strong password is by using common substitutions (such as @ for a, $ for s, 0 for o etc.) and adding numbers/symbols at the end. However, this actually does not result in a significantly stronger password as those are all trivial for a computer to guess. They do result in a password that is much harder to remember, though.

Capitalizing a letter or not actually only multiplies the number of combinations by two. The number of possible substitutions (e.g. 5) only multiplies the number of combinations by 2n, so for 5 possible substitutions, that would only multiply the number of substitutions by 32. Finally, the number of symbols at the end multiples the number of combinations by approximately 30n (assuming 30 common numbers/symbols). This means that a password with five possible substitutions, possibly capitalized, and with two symbols at the end multiplies the number of combinations by 2x25x302=57,600. Putting that on top of an uncommon base word which has about 170,000 combinations (the number of words in the Oxford English Dictionary), results in 170,000*57,000=9.8x109 combinations. This would take approximately 110 days to guess at 1,000 guesses per second.

A Stronger Technique

A technique to make a strong password is to use eight or more random and unrelated English words strung together. For example: "phoneticketdigitalscissorslollipopfaithfulexecutivetwenty". Please do not use this as a password now that it has been used as an example here. Although this at first may appear less secure, there are about 3,000 words that account for 95% of usage in English.[3] The number of combinations for n common words is hence 3,000n. This means that for 8 words, there are about 7×1027 combinations. At a rate of 1×1010 guesses per second, an eight-word password could be attacked for more than twenty billion years (which will last only 6.3×1017 seconds) without being guessed.

Using a Password Manager

A common mistake internet users make is to use the same password across multiple websites. As much as it is insecure, it is often the most feasible — it is hard to memorize multiple strong passwords at once, especially when there are many websites that require logging in.

A password manager can securely store account information. This relieves a user responsibility of memorizing a username and password to multiple websites. Often, password managers offer secure password suggestions when registering an account or changing passwords. The only password that is required is one to log into the password manager.


See Also

References

SandCastleIcon.png This section has links to websites or programs outside of Scratch and Wikipedia. Remember to stay safe while using the internet, as we cannot guarantee the safety of other websites.
Cookies help us deliver our services. By using our services, you agree to our use of cookies.