The way Reverse Dictionary works is pretty simple. It simply looks through tonnes of dictionary definitions and grabs the ones that most closely match your search query. For example, if you type something like «longing for a time in the past», then the engine will return «nostalgia». The engine has indexed several million definitions so far, and at this stage it’s starting to give consistently good results (though it may return weird results sometimes). It acts a lot like a thesaurus except that it allows you to search with a definition, rather than a single word. So in a sense, this tool is a «search engine for words», or a sentence to word converter.
I made this tool after working on Related Words which is a very similar tool, except it uses a bunch of algorithms and multiple databases to find similar words to a search query. That project is closer to a thesaurus in the sense that it returns synonyms for a word (or short phrase) query, but it also returns many broadly related words that aren’t included in thesauri. So this project, Reverse Dictionary, is meant to go hand-in-hand with Related Words to act as a word-finding and brainstorming toolset. For those interested, I also developed Describing Words which helps you find adjectives and interesting descriptors for things (e.g. waves, sunsets, trees, etc.).
In case you didn’t notice, you can click on words in the search results and you’ll be presented with the definition of that word (if available). The definitions are sourced from the famous and open-source WordNet database, so a huge thanks to the many contributors for creating such an awesome free resource.
Special thanks to the contributors of the open-source code that was used in this project: Elastic Search, @HubSpot, WordNet, and @mongodb.
Please note that Reverse Dictionary uses third party scripts (such as Google Analytics and advertisements) which use cookies. To learn more, see the privacy policy.
I’ve been getting a lot of comments from all over the place asking, or even telling me, that using words in passwords is bad.
The typical answer they tell me is that words in passwords are vulnerable to dictionary attacks.
There is so much to unpack here, but in general, it’s okay to use dictionary words in your passwords if done right.
Many people misunderstand what a dictionary attack is, and it doesn’t help that a lot of bad advice has been given throughout the years that not only make people less secure but complicates things even more.
What Do They Mean When They Say To Not Use Dictionary Words?
It’s okay to use dictionary words in your passwords or passphrases, so long as it’s done right.
When they say not to use a dictionary word, they mean you can’t use just one dictionary word or other common and simple passwords. So for example, don’t use…
- password
- monkey
- apple
- 123456
- iloveyou
Or any variation…
- Password1
- Monk3y?
- @pple5
- 123456789
- il0v3y0u!
Using single words, common passwords, and simple substitutions is what they mean when saying to watch out for a dictionary attack.
A dictionary attack is when they try to guess your password from a list of already known passwords, such as single words from an actual dictionary to already cracked passwords. For example, “princess”, “Password123”, “123456”, “qwerty”, “iloveyou”, and other common passwords would be in the dictionary list that the attacker will use to guess your passwords; you need to avoid such passwords.
What is okay to use is multiple randomly generated words. Multiple random words is a passphrase and it’s one of the best passwords you can use.
The more important the thing you want to protect the more words you should use. A security question, 2 or 3 random words. A master password to a password manager, 4 or 5 words. Throw in a random number and that makes for a great password, for example, Bitwarden generates passwords like “groom3-espresso-harbor” which is more than fine for a Netflix password and easy to enter on a TV remote too!
Why Random Passphrases Make Good Passwords
There are several reasons why passphrases are the best kind of password.
- They’re easy to type.
- They’re easier to remember than some gibberish.
- Less likely to make a mistake with them.
- They’re naturally long.
The most common way to make a passphrase is to use generators built into Bitwarden or 1Password. These generators have 7,776 or 18,000 words to pick from, and that is where the magic comes from.
People suck at making passwords and often use the 1,000 most common words and passwords or, even worse, use a child or pet’s name for a password. This is why people say not to use dictionary words; people pick simple things, so it’s easier to tell them not to use any dictionary word. But this only makes people more confused and compounds more lousy advice.
Passphrase generators pick from a much larger pool of words and do so more randomly. So with a passphrase generator making the password for you, it means you have a much stronger password that is also easier to remember, type, and use.
How Strong Are Random Multi-Word Passphrases?
To give you an example of how strong a random passphrase can be, the passphrase…
lazy-cube-finicky-gnat
Is just as strong as…
oP?45Zs24
But “lazy-cube-finicky-gnat” is far easier to remember, and if it were just a pure-brute force guessing attack, it would also take much longer to crack the “lazy-cube-finicky-gnat” than it would “oP?45Zs24”.
Both passwords are about 51 bits of entropy (higher is better), but one is far easier to deal with than the other. To give you an idea, the password “Y3llowD0g!Love$” is only 35 bits of entropy and most people’s passwords are far weaker than that.
How The Password Is Stored Matters Too
How passwords or passphrases are stored matters, especially when it comes to password managers.
Most password managers will hash your master password multiple times to strengthen it. Hashing is a way to store your password without knowing it; think of it as using a blender; if you put in the same ingredients and blend for the same time every time, you get the same results. You can extend that blending time so much that it makes it very time-consuming for an attacker to guess your ingredients or password.
To give you an example, the passphrase “lazy-cube-finicky-gnat” would cost about $2.5 million when hashed 100k times.
If that passphrase was only hashed once instead of 100k times, it would cost about $25 to crack.
You can see that iterating the password multiple times is a great way to slow down an attacker without it costing you, the user, anything noticeable.
Going to 1 million iterations would cost $25,537,980, but if you added just one more word and kept it at 100k iterations, it would cost $19,858,326,783. So increasing the iterations makes it linear harder to crack but adding one more word makes it exponentially harder.
Cryptocurrencies Use Words
Another reason why using random words in passphrases is okay is that cryptocurrencies use them for their seed phrases.
A seed phrase is 12 or 24 random words that make up the random private key that is used to create all your coins on the blockchain. Think of it as a seed, you plant the same exact seed, and you will grow the same tree with the same branches, with those branches being each of your coins.
A 12-word crypto phrase would look like…
local mansion right mouse simple weird general grunt course utility soul guide
What’s interesting about the cryptocurrency seed phrases is that the word list they use only consists of 2,048 words instead of Bitwarden’s 7,776 or 1Password’s 18,000. They like using shorter and easier words, so there are fewer of them, but at 12 words and one iteration, it would cost about $38,029,518,006,846,883,000,000,000 to crack, so you’re still safe.
If using words in a password were bad, then the whole cryptocurrency world would not use them to store all their money.
We’re talking trillions of dollars relying on 12 or 24 random words. The problem isn’t that you use words but how many of them you use and who picked them.
Why Randomness Is More Important Than Length
Another misconception people have is that length is the most important factor.
Length is very important, but simply making an easy password like “Fluffy” into “Fluffy123” doesn’t mean it’s that much better. It is longer and does have more entropy, but the entropy added is not much.
Using zxcvbn to calculate the entropy (higher is better), the password “Fluffy” gets 9.63bits while “Fluffy123” gets 13.21 bits.
Also, computers are getting smarter and now can piece together words that relate to each other very well using Markov chains. This video is long but does a great job explaining that longer passwords are not as important as random passwords.
What matters the most is that you don’t pick your passwords and use a password generator instead. This is easy to do with a password manager. As for passwords you’ll need to manually type in, use passphrases like “lazy-cube-finicky-gnat” we talked about earlier.
Of course, don’t use any passwords or passphrases I used in this article.
In my personal experience working as a pentester, unless I was specifically targeting your account, the dictionaries I typically use when brute forcing lists of user accounts generally covered a list of common dictionary words, common 1337-style number substitutions (3 for E e.g.) and SOME common phrases.
Hackers and security groups actually do statistical analyses of actual passwords (like those disclosed from data breaches) and use the results to add new passwords to the list of passwords to use.
If I am specifically targeting your account, then I use more complicated password generator options, like simple dictionary, compound dictionary (putting 2 or more words from the dictionary together), 1337 substitution, or other common tricks, like I’ll have each password tried with a ! at the end as this is the most common location to put special characters, and this is the most common special character.
I see dictionary word as substring as less of an issue than far more common password weaknesses. The three biggest things you can do to increase the security of your password is to:
- mix in multiple character classes (upper, lower, number, special chars)
- LENGTH!! (min. 9 chars)
- Don’t use secure passwords on insecure sites (so that wellsfargo != sony
)
)Since others have explained the password entropy issue in detail, I’ll address your other concern:
But I also remember a windows program that used to crack windows passwords by finding dictionary words within the larger password.
It’s true that — assuming an attacker have access to a computer you’ve used — some programs can scan the persistent storage searching for good password candidates. This is possible not only in case of written down passwords, but there’s also a chance that a password once present in the computer’s memory (just after being typed, for instance) ends up in the virtual memory, swap files, core dumps, etc.
The only program of this type I know of, AccessData’s Forensic Toolkit, scans the hard drive for «every printable character string», as described in this Bruce Schneier post. In principle, it does not make passwords containing dictionary words weaker (since all passwords will consist of «printable characters»), however the way the program sorts this string set before feeding it to a password guesser might have an impact on how likely it will be found. Quoting the post:
When attacking programs with deliberately slow ramp-ups, it’s important to make every guess count. A simple six-character lowercase exhaustive character attack, «aaaaaa» through «zzzzzz,» has more than 308 million combinations. And it’s generally unproductive, because the program spends most of its time testing improbable passwords like «pqzrwj.»
In other words, having a huge set of strings won’t necessarily help you even if one of them is the password you’re looking for, since you have no way to recognize it as a password before testing it (against a hash or an online service). But if you sort this set according to some heuristics dictating «how likely this string is a password», then including dictionary words to it might move it closer to the top of the priority list, increasing the likelyhood it will be found in a timely manner.
That’s why I advocate using the first letters of each word in a phrase, instead of using the words themselves. Sure, you’d need a longer phrase to achieve a similar level of entropy, but you’ll end up producing a password that «looks like» garbage, instead of one that looks promising. But YMMV.
What is another word for Password?
-
countersign
watchword, word
-
watchword
secret word given for entry
-
word
thing, secret word given for entry
-
parole
watchword, secret word given for entry
-
signal
thing, word
-
open sesame
watchword, secret word given for entry
-
catchword
thing, word
-
shibboleth
thing, word
-
sign
word of identification
-
key
secret word given for entry
-
ticket
-
identification
-
phrase
-
key word
watchword
-
pass
-
code word
-
permit
-
secret
-
passport
-
opener
-
slogan
-
code
-
token
-
keyword
-
magic word
watchword
-
words
-
skip
-
omission
-
gap
-
mystery
Use filters to view other words, we have 189 synonyms for password.
Filters
Filter synonyms by Letter
A B C D E F G H I K L M N O P R S T U V W
Filter by Part of speech
noun
phrase
verb
Suggest
If you know synonyms for Password, then you can share it or put your rating in listed similar words.
Suggest synonym
Menu
Password Thesaurus
Definitions of Password
Password Antonyms
External Links
Other usefull sources with synonyms of this word:
Synonym.tech
Merriam-webster.com
Thesaurus.com
Collinsdictionary.com
Wiktionary.org
Photo search results for Password
Image search results for Password
Cite this Source
- APA
- MLA
- CMS
Synonyms for Password. (2016). Retrieved 2023, April 13, from https://thesaurus.plus/synonyms/password
Synonyms for Password. N.p., 2016. Web. 13 Apr. 2023. <https://thesaurus.plus/synonyms/password>.
Synonyms for Password. 2016. Accessed April 13, 2023. https://thesaurus.plus/synonyms/password.