15 December 2013

In an editorial discussion of the topic, one computer elf asked whether their childhood phone number would be the perfect password, since it is easy to remember and unlikely for anyone else to know. Assuming it's ten digits, let's take a quick look at what a computer program has to do to crack that password.

Remember, passwords can later be hashed or further encoded so they're unreadable to humans. That ten-digit phone number passed through the WordPress salted hash might look like $P$BZtq.o.P9u9rMMBGb..40XUZ2kVf3v. where the full stops (periods) are part of the hash. The one shown here is bogus, so don't waste your time on it!

Cracking that hash pits the known format, WordPress, against an alphabet, a dictionary of known passwords, or some form of password guessing. Password guessing takes a computer AGES because it works character by character, attempting every combination from aaa through ZZZ.

With letters, each character position is tested against 26 possible letters, or 52 if upper case is included. With digits, as in the childhood phone number, each position is tested against only 10 possibilities. So a ten-digit numeric password has 10^10 possibilities, which is a lot, but far fewer than 52^10.

Even a strong computer will tax itself for time and heat lurching from aaaaaaaaaa to ZZZZZZZZZZ, where the second of so many guesses is aaaaaaaaab; moving from 0000000000 to 9999999999 takes significantly less time, so the numeric password gets cracked sooner.

All this means that a longer password made of non-words and borrowing from all four alphabets (lower case, upper case, digits, and special characters) presents an enormous difficulty to password-guessing software. A phone number might be combined with a birth-month abbreviation, initials or a favorite author. That's a better start along the same lines: still easy to remember, but hard for a human to guess.
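To put numbers on the comparison of 10^10 against 52^10 and on the value of mixing the four alphabets, here is an added example (not code from the original post) that computes the keyspace for each alphabet, walks the odometer order a brute-forcer follows, and converts a keyspace into a worst-case time at an assumed guess rate. The figure of 1,000,000 guesses per second is a placeholder, not a measurement: the real rate depends on the hash format and the hardware, and an iterated, salted format such as WordPress's phpass is deliberately slow per guess.

```python
import string

# The four "alphabets" the post refers to.
LOWER = string.ascii_lowercase   # 26 characters
UPPER = string.ascii_uppercase   # 26 characters
DIGITS = string.digits           # 10 characters
SPECIALS = string.punctuation    # 32 printable ASCII special characters


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive guesser must try for one fixed length."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Seconds to enumerate the entire keyspace at an assumed guess rate.

    The rate is an assumption for illustration: it depends on the hash format
    (phpass iterates MD5 thousands of times per guess) and on the hardware.
    """
    return keyspace(alphabet_size, length) / guesses_per_second


def nth_candidate(alphabet: str, length: int, n: int) -> str:
    """The n-th candidate (0-based) in odometer order.

    The rightmost position changes fastest, so the guess after 'aaaaaaaaaa'
    is 'aaaaaaaaab', and the guess after '0000000000' is '0000000001'.
    """
    base = len(alphabet)
    if not 0 <= n < base ** length:
        raise ValueError("index outside the keyspace")
    chars = []
    for _ in range(length):
        n, remainder = divmod(n, base)
        chars.append(alphabet[remainder])
    return "".join(reversed(chars))


def first_candidates(alphabet: str, length: int, count: int) -> list:
    """The first `count` guesses an exhaustive guesser would try for this alphabet."""
    return [nth_candidate(alphabet, length, i) for i in range(count)]


def compare_alphabets(length: int = 10, guesses_per_second: float = 1e6) -> dict:
    """Keyspace and worst-case time for the post's scenarios at one password length."""
    scenarios = {
        "digits only (phone number)": len(DIGITS),
        "lower case only": len(LOWER),
        "upper + lower case": len(LOWER) + len(UPPER),
        "all four alphabets": len(LOWER) + len(UPPER) + len(DIGITS) + len(SPECIALS),
    }
    seconds_per_year = 365 * 24 * 3600
    return {
        name: {
            "alphabet_size": size,
            "keyspace": keyspace(size, length),
            "worst_case_years": worst_case_seconds(size, length, guesses_per_second) / seconds_per_year,
        }
        for name, size in scenarios.items()
    }


if __name__ == "__main__":
    print("first guesses over lower case:", first_candidates(LOWER, 10, 3))
    print("first guesses over digits:    ", first_candidates(DIGITS, 10, 3))
    for name, row in compare_alphabets().items():
        print(f"{name:28s} |alphabet|={row['alphabet_size']:3d} "
              f"keyspace={row['keyspace']:.3e} worst case={row['worst_case_years']:.3e} years")
```

Running it shows the ratio the post describes: the 52-letter keyspace at length ten is over fourteen million times the size of the digits-only one, and adding digits and specials to reach 94 characters widens the gap again. The only lever the defender controls in this arithmetic is the size of the search space (length and alphabet) and the cost per guess (a slow, salted hash format), which is why both matter.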

