Three word passwords are highly secure

The always informative Baekdal explains how a password of three words (“peanut butter jelly”) is both highly secure and easy to remember. You can make the password impregnable by using special characters between the words and capitalizing (“peanut-Butter/jelly”.)

If you use the same system for all passwords, then you don’t have to think about. In this example, putting a dash between the first and second words, capitalizing the second word, and putting a slash between the second and third words.

Using more than one simple word as your password increases your security substantially (from 3 minutes to 2 months). But, by simply using 3 words instead of two, you suddenly got an extremely secure password.

It takes:

1,163,859 years using a brute-force method
2,537 years using a common word attack
39,637,240 years using a dictionary attack

It is 10 times more secure to use “this is fun” as your password, than “J4fS<2”.

Baedal’s post is from 2007 but just got linked to from ReadWriteWeb so he probably just got a zillion hits off it.


  1. I use a 32 char password containing numbers, special chars, upper and lower case and 2 alt code chars. How long would this take to crack?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.