When creating a new password to secure an account, many face the challenge of balancing convenience and security—in other words, creating a password that is both memorable and compliant with a strong password policy (e.g., one uppercase letter, one lowercase letter, one special character, minimum length of 14 characters, etc.) Password manager applications such as LastPass offer a solution for this, however the problem still exists when it comes to creating the “Master Password.” You’ll still need to come up with a strong master password to unlock the password manager’s vault.
There are plenty of strategies to create a reliable master password. For example, you could memorize a seemingly random combination of letters and symbols, but the longer the password, the harder it is to recall, which generally results in people creating weaker passwords that are easier to recall for master password. Alternatively, you could get creative by forming a string of nonsense using the first two letters of each member’s first name from your favorite band. If you type it frequently to unlock your manager, you’re less likely to forget it. But what happens if you only access it occasionally? Would you remember which band you used, or did you add your birth year or a special character? A simpler route would be to just use actual words, but this approach is risky. Hackers often use “dictionary attacks,” where they test combinations of words from the dictionary to crack a password. Modern hardware enables attackers to run millions or even billions of guesses per second on offline files (like a leaked database) containing encrypted passwords. Even if users add more words to strengthen their password, attackers can always use more powerful tools and computers to make more millions of guesses per second.
Most attackers target the dominant language of their intended victims, and if their targets are bilingual, they might employ common dictionary words from both languages. But consider this: what if you could expand your pool of words beyond a single language? Instead of using just English, why not incorporate words from a variety of languages, replacing accented characters with their closest non-accented equivalents? For instance, you could create a password by stringing together foreign translations of “hello”: “bonjour” (French), “hallo” (German), “namaste” (Hindi), “ciao” (Italian), “nihao” (Mandarin), “privet” (Russian), and “hola” (Spanish). This creates “hellobonjourhallonamasteciaonihaoprivethola”—a 43-character password. Add in any special characters or numbers and you have an exceptionally strong password.
Of course, you probably shouldn’t use “hello” itself as your base word, but the idea remains. With thousands of languages spoken all over the globe, it’s improbable that attackers would ever expand their search to include such a broad range of languages. Doing so would exponentially increase the number of permutations they’d need to test, and its doubtful attackers would invest more time and resources just to crack a few unconventional multi-language passwords. Sometimes, thinking beyond English has its benefits.