Note: It is recommended to use a different password for each account, whether on Scratch or any website.
“Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.” – Clifford "Cliff" Stoll

• 'passw0rd'
• '123456'
• 'scratch'
• 'qwerty'
• 'abcdef'
• 'ilikehamsters1'
• 'asdfghjkl'
• '1234567890'
• '(the current year)'
• 'scratch.mit.edu'
• 'ilove(sitename)'
• '111111'
• '654321'

In short, a bad password is one that is easily guessed or widely used.

## Ways to Make a Good Password

The xkcd comic demonstrating this section

### Misconceptions

A common misconception is that the way to make a strong password is to use common substitutions (such as @ for a or \$ for s) and to add numbers/symbols at the end. However, this does not result in a significantly stronger password, as these variations are all trivial for a computer to guess. They do result in a password that is much harder to remember, though.

Capitalizing the word or not only multiplies the number of combinations by two. With n possible substitutions (e.g. 5), the number of combinations is multiplied by only $2^n$, so 5 possible substitutions multiply the number of combinations by just 32. Finally, n symbols at the end multiply the number of combinations by approximately $30^n$ (assuming 30 common numbers/symbols). This means that a password with five possible substitutions, possibly capitalized, and with two symbols at the end multiplies the number of combinations by $2 \times 2^5 \times 30^2 = 57{,}600$. Putting that on top of an uncommon base word, of which there are about 170,000 (the number of words in the Oxford English Dictionary), results in $170{,}000 \times 57{,}600 \approx 9.8 \times 10^9$ combinations. This would take approximately 110 days to guess at 1,000 guesses per second.

### A Better Technique

A better technique to make a strong password is to use four or more common but random and unrelated English words strung together (e.g. "phoneticketdigitalscissors"). Although this at first may appear less secure, consider the math: there are about 3,000 words that account for 95% of usage in English. The number of combinations for n common words is $3{,}000^n$. This means that for 4 words, there are about $8.1 \times 10^{13}$ combinations. At 1,000 guesses per second, that would take more than 2,000 years to guess.
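
The two estimates above (the substituted dictionary word under Misconceptions and the four-word passphrase here) can be checked with a small strength estimator. This is an added example, not part of the original page. The substitution table beyond "@ for a" and "$ for s", the three-word sample dictionary, and the sample password `Oas1$!7` are assumptions constructed for illustration.

```python
# Added example: constants follow the page's model; tables marked "assumed" do not.
DICTIONARY_WORDS = 170_000    # uncommon base words (page's figure)
COMMON_WORDS = 3_000          # common words covering 95% of usage (page's figure)
SUFFIX_CHARS = 30             # common trailing numbers/symbols (page's figure)
GUESSES_PER_SECOND = 1_000    # guessing rate used on the page

# Assumed substitution table; the page names only "@ for a" and "$ for s".
SUBSTITUTIONS = {"@": "a", "$": "s", "0": "o", "1": "i", "3": "e"}
# Constructed stand-in for a real dictionary file.
SAMPLE_DICTIONARY = {"oasis", "hamsters", "scissors"}


def demangle(password, dictionary=SAMPLE_DICTIONARY):
    """Return (base_word, substitution_slots, suffix_len) if the password is a
    dictionary word with substitutions, capitalization and a trailing
    number/symbol run; otherwise None."""
    for suffix_len in range(len(password)):
        suffix = password[len(password) - suffix_len:]
        if any(c.isalpha() for c in suffix):
            break  # the suffix may only hold numbers/symbols
        stem = password[:len(password) - suffix_len]
        word = "".join(SUBSTITUTIONS.get(c, c) for c in stem).lower()
        if word in dictionary:
            # Letters of the base word that have a substitute in the table.
            slots = sum(c in SUBSTITUTIONS.values() for c in word)
            return word, slots, suffix_len
    return None


def mangled_word_guesses(slots, suffix_len):
    """Search space: base word x capitalization x 2^slots x 30^suffix_len."""
    return DICTIONARY_WORDS * 2 * 2 ** slots * SUFFIX_CHARS ** suffix_len


def passphrase_guesses(word_count):
    """Search space for word_count random words from the common-word list."""
    return COMMON_WORDS ** word_count


def days_to_exhaust(guesses):
    """Days needed to try every combination at the page's guessing rate."""
    return guesses / GUESSES_PER_SECOND / 86_400


if __name__ == "__main__":
    found = demangle("Oas1$!7")  # constructed sample password
    print(found, days_to_exhaust(mangled_word_guesses(*found[1:])), "days")
    print(days_to_exhaust(passphrase_guesses(4)) / 365, "years")
```

The decorated word reduces to a five-slot dictionary word with a two-character suffix, which is the 110-day case above, while the plain four-word passphrase does not match the pattern and falls under the $3{,}000^4$ estimate.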