Online Passwords - Which Is Best, Length or Complexity


Everyone these days needs to have an array of passwords to access all the websites, apps, online resources and devices that surround our daily lives.

We are constantly being urged to make our passwords difficult to guess or crack – use upper and lower case, numbers, and special characters to make them super safe – but is this really correct?

We all know that it’s not good practice to use a dictionary word as a password such as ‘monkey’ or ‘password’ so we mix it up by adding numbers and other characters in order to fool the common or garden dictionary attack because ‘monkey!2’ is much more difficult to crack – isn’t it?

The answer to the above question is actually ‘No’ – sure, ‘monkey!2’ is going to be harder to guess than ‘monkey’ on its own, but the key to generating a really secure password is its length, NOT its complexity.

How does this work?

If we assume that your password is not in the dictionary, then the only way to crack it is a ‘brute force’ attack, in which an attacker has to try every possible combination of letters, numbers, and special characters until they reach your password.

So, in the printable ASCII character set there are 26 letters of the alphabet, each of which can be upper or lower case, plus ten single digits and thirty-three special characters.

Now, we need to do some arithmetic to determine how many combinations must be tried to cover a password of any given length. Let’s first assume that you have a one-character password: the maximum number of guesses needed to crack it is 95 (each letter of the alphabet in both upper and lower case, each digit, and each special character – 26+26+10+33).

So, if we extend that to a two-character password, the number of possible combinations is now 9025 (95 x 95). For a three-character password, the number of combinations is 857375 (95 x 95 x 95). If we now make that a ten-character password, the total number of combinations to search is a whopping 60,510,648,114,517,017,120.

If we have a machine making an impressive one hundred billion guesses PER SECOND, it will take a maximum of 19.24 years to guess this password, which is probably secure enough for most people.

However, if we add just one more character, the maximum becomes 18.28 CENTURIES – easily enough for anyone.

Given the above information, which of the following two passwords is the more secure?

  • ‘rf65AD$%bAQ’ or
  • ‘Mypassword1.’

It should come as no surprise that the second will take longer to guess (1740 centuries compared to 18.28 centuries for the first) purely because it has one more character.
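The arithmetic from the previous paragraphs, and the comparison of the two passwords just above, worked through in code. This is an added example written for this page, not code from the original post; the function names are my own, the sample passwords are the article's, and the guess rate and year length are the article's stated assumptions. One point the code makes explicit: the article's 60,510,648,114,517,017,120 figure for ‘ten characters’ is the sum of every length from one to ten (95 + 95² + … + 95¹⁰), not 95¹⁰ alone, and the cumulative function reproduces it exactly.

```python
import string

# Alphabet the article counts: 26 lower + 26 upper + 10 digits + 33 specials = 95.
# Python's string.punctuation holds 32 symbols; adding the space makes the article's 33.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation + " ",
}
FULL_ALPHABET = sum(len(chars) for chars in CLASSES.values())  # 95

GUESSES_PER_SECOND = 100_000_000_000  # the article's "one hundred billion guesses per second"
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def keyspace(length, alphabet=FULL_ALPHABET):
    """Distinct passwords of exactly `length` characters drawn from `alphabet` symbols."""
    return alphabet ** length


def cumulative_keyspace(length, alphabet=FULL_ALPHABET):
    """Passwords of every length from 1 up to `length`: what a brute-force run that
    starts at one character and works upward must try in the worst case. The
    article's 60,510,648,114,517,017,120 for ten characters is this sum, not 95**10."""
    return sum(alphabet ** n for n in range(1, length + 1))


def years_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time, in years, to try every candidate at `rate` guesses per second."""
    return candidates / rate / SECONDS_PER_YEAR


def effective_alphabet(password):
    """Alphabet size an attacker must cover if they know which character classes
    the password uses: lowercase only -> 26, all four classes -> 95."""
    unknown = [c for c in password if not any(c in chars for chars in CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside the 95-symbol set: {unknown!r}")
    return sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in password))


def brute_force_profile(password):
    """Length, effective alphabet, cumulative keyspace and worst-case centuries for one password."""
    alphabet = effective_alphabet(password)
    space = cumulative_keyspace(len(password), alphabet)
    return {
        "length": len(password),
        "alphabet": alphabet,
        "keyspace": space,
        "centuries": years_to_exhaust(space) / 100,
    }


def more_resistant(pw_a, pw_b):
    """Return whichever password has the larger brute-force keyspace (ties go to the first)."""
    if brute_force_profile(pw_a)["keyspace"] >= brute_force_profile(pw_b)["keyspace"]:
        return pw_a
    return pw_b


if __name__ == "__main__":
    # Sample passwords taken from the article itself.
    for pw in ("rf65AD$%bAQ", "Mypassword1.", "monkey!2", "MyEbayPassword#1"):
        p = brute_force_profile(pw)
        print(f"{pw!r:20} len={p['length']:2} alphabet={p['alphabet']:2} "
              f"keyspace={p['keyspace']:.3e} worst case={p['centuries']:.2f} centuries")
    print("more resistant:", more_resistant("rf65AD$%bAQ", "Mypassword1."))
```

The worst-case figures it prints land within a few percent of the article's (19.2 years, 18.2 centuries and about 1730 centuries; the small gap is rounding of the year length). They are counts for an attacker who has to try candidates blindly, which is exactly the article's opening assumption that the password is not in a dictionary. `effective_alphabet` also shows the other side of the trade-off: an all-lowercase password is searched over 26 symbols per position rather than 95, so its length has to carry the whole load. A password built from a dictionary word plus a short suffix belongs to a far smaller set that wordlist-and-rule attacks enumerate first, so the length advantage the article describes holds only when the extra characters are not predictable.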

It’s now just a short step to put this into practice and make some really long, difficult-to-crack passwords that we can remember quite easily. All you need to do is come up with a personal password algorithm and be creative in making passwords that are easily remembered (by you) but difficult to crack. How about something like ‘MyEbayPassword#1’ or ‘EmailPassword#1983’ – both of these will take thousands of centuries to guess.

Caveat

For full security, still use all the available character types to keep the number of possible combinations as high as possible, but if you find those difficult to remember, then don’t forget that ‘Cat…’ is still more secure than ‘rf65AD$%bAQ’.
