Is a complex password safe?
Which of the following is a safer password?
1. wG1eqe#4D
2. therearemanyunpopularopinions
General opinion:
1 is safer because it has capital, small letters, numbers, special characters, etc. It’s harder to break. Probably it will take many months to break it. It is impossible for a person to guess and hard for a computer to crack. Technically a good pick.
Alternative opinion:
It’s fair to assume 1 to be a better option. But, it’s not. It’s a bad password.
Reason 1: How is anyone supposed to remember that? Users will not remember it, so they will write the password down somewhere. As techies, you can use password managers, but the majority of our products' users are of an age where one uses Post-it notes to remember things. These passwords end up somewhere like that too, and the accounts get hacked because of the way the passwords were stored. The product is then held liable for the loss and gets a reputation for bad security. It is similar to people of our parents' age abandoning UPI and calling it a scam, when the source of the scam isn't the UPI apps but something else.
Reason 2: Take a good look at this: therearemanyunpopularopinions. All lowercase, nothing special, no Jutsu, no Sharingan. But still, it will take a computer thousands of years to crack it because it’s a long password. As you keep increasing the length, the difficulty of breaking it increases. And since this isn’t a password from a common-password list, it will still be hard to guess.
Still didn’t get what I mean? Don’t worry! You know I got memes to explain everything.
This led me to an interesting idea. If you’re asking people to create a password like #1, instead ask them to create a password that tells a story (the way we give hints in the placeholder).
If this works, your product will have strong passwords without making users struggle, and a plus point - they can visualize their passwords. Hence, no hassle of remembering.
Your users aren’t ones who understand algorithms, so use emotions to deal with them.
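
An added example, not part of the original post: it computes the character-by-character search space for the two passwords compared above and sketches a length-first signup check of the kind suggested. The guess rate, the 10,000-word dictionary, the 16-character minimum and the small deny-list are assumptions made for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1e10          # assumed attacker speed, for illustration only
SECONDS_PER_YEAR = 365 * 24 * 3600
# Constructed stand-in for a real common-password deny-list.
COMMON_PASSWORDS = {"password", "123456789", "qwertyuiop", "iloveyou"}

def charset_size(password):
    """Alphabet a character-by-character search must cover for this password."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def brute_force_bits(password):
    """log2 of the search space: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def years_to_exhaust(bits):
    """Worst-case years to try every candidate at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def word_guess_bits(word_count, dictionary_size=10_000):
    """Search space if whole words are guessed from an assumed dictionary.
    Holds only for independently chosen words; a grammatical sentence or a
    well-known quote is more predictable than this figure suggests."""
    return word_count * math.log2(dictionary_size)

def accept(password, min_length=16):
    """Length-first check: no composition rules, only length and a deny-list.
    min_length=16 is a hypothetical policy value."""
    return len(password) >= min_length and password.lower() not in COMMON_PASSWORDS

if __name__ == "__main__":
    for pw in ("wG1eqe#4D", "therearemanyunpopularopinions"):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: length={len(pw)} alphabet={charset_size(pw)} "
              f"bits={bits:.1f} years={years_to_exhaust(bits):.3g} "
              f"accepted={accept(pw)}")
    # The passphrase above is five words long.
    print(f"five dictionary words: {word_guess_bits(5):.1f} bits")
```

The word-level figure is the one to watch when coaching users toward "story" passwords: the length advantage holds only if the phrase is not a quote or saying that others would also pick.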