Do Sentences Make Better Passwords?

2025-10-25

It seems that every single day, someone comes to a forum writing about how his accounts were hacked somehow and he doesn’t understand why. One of the reasons that people get accounts compromised so often is that they don’t exactly understand how it happens. Once the process of grabbing someone’s password becomes clear (it’s simple, by the way), then we can understand how we can modify our passwords to effectively prevent hackers from entering our accounts. One proposition that security experts have made recently was to use short sentences as passwords, rather than using a continuous string of characters (like “blablabla”). We’ll have a look at this and why it may or may not be more secure.

Understanding Password Theft

Here at MTE, I have already covered the ways in which hackers can get ahold of your passwords. However, that list is composed mostly of methods used to sniff out and easily get ahold of your credentials. Right now, I want to cover with you the methods that hackers use to crack open your account from the outside rather than infiltrating your packet traffic. These methods are a little simpler but more time-consuming. Let’s have a look:

  • Brute-Force Attacks: The method to this madness involves simply going through a ton of permutations of multi-character strings. So, a hacker with a brute-force tool will simply try thousands of permutations, hoping to hit the right one after a while. The tool will randomly guess character combinations (like “jif2$F”). Since passwords are typically more than six letters long, this method will take a while! However, a determined hacker will sit through an entire day’s worth of password guessing just to get into your account.
  • Common Word Attacks: The hacker will use common everyday words (like “strawberry” or “whiskey”) from a list, load them up on a special tool, and try each one out. It only takes a few minutes (many times, even a few seconds) to crack an account using a common word as a password.
  • Dictionary Attacks: As the name suggests, the hacker whips out a copy of the Oxford Dictionary and tries every word. Using an automated tool, this takes a little longer than a common word attack, but it will get a large number of accounts cracked.

Security experts have long reached the conclusion that the safest password is one with a combination of alphanumeric characters (including uppercase letters) and special characters (like “$@(%#”). This isn’t far from the truth today. A password like “ff9jF#D” is much safer than “caramel.” The downside is that it’s really hard to remember random characters. Our brains just aren’t wired that way.

And, while we’re still on this subject, let me tell you a secret: If some expert tells you that a character-string password will take several years to crack, he’s probably talking about brute-forcing with a CPU. Hackers don’t do that anymore. Instead, they use things like nVidia’s CUDA technology, which allows them to tap into the immensely faster GPU of a graphics card, allowing them to do what a computer does in a week within a span of hours by chaining a bunch of hardware together (through an SLI bridge).

Are Sentences Any Better?

The space (“ ”) is a legal character in most password forms. This means you can separate words from one another. Just having a sentence as your password can create a nightmare for hackers, according to a number of security experts, one of them being Thomas Baekdal. The advantage of using a sentence is that it’s much easier to remember than 8fa@!*FaicC and it’s also more secure when used in the proper manner.

In 2007, Baekdal wrote that “this is fun” is 10 times more secure than “J4fS<2.” I’m not sure what his opinion of this is right now, but I do not think that using something simple like “this is fun” is so secure that it would take a computer, according to his written piece, 2,537 years to crack it.

For one, let’s say that a hacker uses a list of the one-thousand most common words in the English language to crack “this is fun.” Since the password uses three distinct words, we’d have to contend with 1,000*1,000*1,000 possible permutations. That gives us a billion permutations to cycle. It sounds like a lot, but for a computer, this is very simple.

I’m not saying that Thomas Baekdal is wrong. I’m simply saying that you need to follow some guidelines when making your choice. Let me show you some ideas I’ve cooked up while thinking about this problem for several days:

  • Use non-space separators, like the hyphen (“-”). If you’re a little more daring, try something really difficult to figure out, like the trademark symbol (“™”, Alt+0153).
  • Use non-conversational uncommon words, like “quantum theory is a paramount development.” You can also create a sentence in another language, like Latin (“repetitio est mater studiorum”). This is especially useful when English is not your first language. Most hackers will search for passwords with English words, but very few of them would think of, say, Romanian or Czech.
  • Make sentences of random words. An example would be “paraphernalia photon cephalopod.”

Following these rules may result in a password that is, at first, difficult to remember. But you should consider the Latin proverb I used as an example of a non-English password. Its translation: Repetition is the mother of study. If you keep using your password, you’ll remember it in a jiffy. Remembering “faji2o#($FCCineF)9f(#”, I think, is much more difficult than remembering “paraphernalia photon cephalopod” or whatever these words may be in your native language.

Remember, the longer you make the sentence, the more secure it gets! Using a shorter sentence may still afford you a high level of security so long as you don’t use something that can be caught in a common word list. Dictionary attacks on your password are still possible, but not likely to yield results because of the enormous amount of time it would take for the hacker’s tool to crack your password open.
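
To put numbers on the comparison above, here is an added example (not part of the original article) that estimates, for a given password, whether a character-by-character search or a word-list search covers fewer candidates. The word-list sizes, the tiny sample word set and the guess rate are assumptions chosen for illustration.

```python
import math
import re

# Constructed stand-in for a common-word list; only its assumed size matters below.
COMMON_WORDS = {"this", "is", "fun", "the", "and", "love", "whiskey", "strawberry"}
COMMON_LIST_SIZE = 1_000   # the article's "one-thousand most common words"
FULL_DICT_SIZE = 100_000   # assumed size of a full dictionary word list
WORDY = re.compile(r"[a-z]+(?:[^a-z0-9][a-z]+)*")  # words joined by one separator

def charset_keyspace(password):
    """Candidates a brute-force search covers for this length and character mix."""
    pool = 0
    if any(c.islower() for c in password): pool += 26
    if any(c.isupper() for c in password): pool += 26
    if any(c.isdigit() for c in password): pool += 10
    if any(not c.isalnum() for c in password): pool += 33  # punctuation and space
    return pool ** len(password)

def word_keyspace(password):
    """Candidates a word-combination search covers, or None if not word-based.

    Conservative: every alphabetic token is assumed to be in some word list, and
    the separator is ignored, as in the article's 1,000*1,000*1,000 estimate.
    """
    pw = password.lower()
    if not WORDY.fullmatch(pw):
        return None
    words = re.findall(r"[a-z]+", pw)
    common = all(w in COMMON_WORDS for w in words)
    return (COMMON_LIST_SIZE if common else FULL_DICT_SIZE) ** len(words)

def cheapest_search(password):
    """Return (strategy, keyspace) for whichever search is smaller."""
    brute, words = charset_keyspace(password), word_keyspace(password)
    if words is not None and words < brute:
        return "wordlist", words
    return "brute-force", brute

def hours_to_exhaust(keyspace, guesses_per_second=1e9):
    """Worst-case hours at an assumed guess rate (1e9/s is illustrative)."""
    return keyspace / guesses_per_second / 3600

if __name__ == "__main__":
    for pw in ["this is fun", "J4fS<2", "caramel", "paraphernalia photon cephalopod"]:
        strategy, space = cheapest_search(pw)
        print(f"{pw!r:34} {strategy:11} 2^{math.log2(space):4.1f} "
              f"{hours_to_exhaust(space):.3g} h")
```

Running it shows that each additional uncommon word multiplies the search space by the size of the word list, which is why sentence length and word choice matter more than the password's raw character count.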

Limitation

The only limitation to the above method is that some sites don’t allow passwords longer than 20 characters. A few also don’t allow spaces or other special characters in passwords, although this is becoming rarer. I have even encountered an online banking platform that only allowed up to 14 alphanumeric characters. On these sites, sentence passwords won’t work whatsoever.

It’s Time For You To Speak!

I discussed a lot right now. Some of it is a little conflicting with conventional knowledge about passwords, so it’s normal for you to have opinions, questions, and thoughts on the matter. It’s time for you to open up. Join me and fellow readers in a conversation that could help clarify everything by leaving a comment below!
