Use a URL as a Strong Password? #CrazyTalk

It would take a computer about 112 SESVIGINTILLION YEARS to crack your password

I don’t know if this is actually a good idea or not, but hear me out (and please comment below!):

Can a URL be used as a strong password?

Laziness is the Mother of Invention

This morning I was walking the dog, futzing with my phone, and trying to sign up for a new social network. The app asked me for a password, and I didn’t want to use my standard low-security, easy-to-type-on-a-smartphone-with-one-hand password (because low security passwords are a bad idea). I wanted to follow good practices for creating strong passwords and I was in the mood for a lazybones way to do it.

walking the dog

My phone has an awesome custom keyboard called TouchPal that has its own clipboard manager which allows me to pull up a list of the last few things I’ve copied to the clipboard and paste them into new things.

The clipboard manager on TouchPal keyboard

Today, when prompted to come up with a password for a new app, I looked in my clipboard history and found a URL for an image I had recently copied and pasted somewhere else:

I pasted it into the app, it accepted it (apparently it doesn’t limit password characters, which is great), and my password manager stored it so I can always just paste it in when I login.

How Secure is That?

It hit me that this URL fits most criteria for a strong password – it’s got 53 characters (!!!) made up of letters, numbers, and punctuation, which, although it doesn’t have capitals, still makes it a pretty strong password.

It’s not on the most common passwords 2016 list, and it doesn’t contain easy to guess life details like birthdays, pet names, child names, sports teams, anniversaries, or the word “password”. It’s not even a URL that’s near and dear to my heart, like my website or something — just a complete RANDOM, Strangers on a Train – style image URL that happened to be handy at the time.

In fact, according to, would take a computer about 112 SESVIGINTILLION YEARS to crack your password!!! That’s by far the highest score I’ve ever seen on that site, and is probably the biggest number I’ve ever heard of anywhere, BTW.

It would take a computer about 112 SESVIGINTILLION YEARS to crack your password

Is that Crazy?

So now, I fully invite you to ridicule me publicly if you think this is a stupid idea, but is there any real science around this? Under what circumstances would it be OK to copy and paste a URL as a strong password? Or maybe use the XKCD method and paste in a random string of words and spaces? What do you think?


Liked this post? Follow this blog to get more. 

Written by

Ted Curran is a Learning Experience Designer/Developer for Autodesk. He is committed to empowering educators and learners to create transformational change through effective pedagogy and technology integration. You can follow Ted on Mastodon, LinkedIn or learn more at my 'About" page. These thoughts are my own.

You may also like...


This site uses Akismet to reduce spam. Learn how your comment data is processed.