What makes a strong password?
With all the data breaches we see on the news these days, it can sometimes be scary to trust companies with your sensitive information. However, in many cases, sensitive data is gained by an attacker taking advantage of users implementing weak passwords. Today, we will look at some examples of weak/strong passwords and what you can do to help ensure your data is safe online.
What Makes a Password Weak/Strong?
Generally speaking, the strength of a password is determined by three things: the length of the character set used, the length of the password itself, and to a lesser extent, the variety in characters chosen. First, let’s discuss the length of the character set. A character set in this sense is basically what it sounds like: a set of characters from which you can pull from to create your password. Most passwords allow you to use all characters on your keyboard so the character set in most cases would be all lowercase letters, uppercase letters, digits, and special symbols such as asterisks and ampersands. Longer character sets allow for stronger passwords when properly utilized. Think of it this way: say someone asks you to pick a number from 1 to 10 and another number from 1 to 100. Which would be easier to guess correctly? The answer, of course, is the number from 1 to 10 because there are fewer possible numbers to choose from. The same concept applies when choosing a password.
Second, the length of the password is another very important metric for determining password strength. Even if you are creating a password from a large character set, if it is only a few characters long, attackers can still guess or crack this password relatively easily. We recommend a minimum length of 8 characters. This is a very important part of password strength. For example, a 12 character password has the potential to be quite a bit stronger than an 8 character password.
Lastly, make sure to use a good mixture of characters in your password. A lengthy character set with a lengthy password is no good if you have the same character repeated over and over as a password. The majority of websites will allow you to use most (if not all) characters on your keyboard, but it is up to you to actually use a good variety. An optimal password will contain a mixture of lowercase letters, uppercase letters, digits, and symbols.
How do the factors determine password strength?
Here’s a chart that shows the relative strength of passwords, calculated against modern brute force attacks. It’s worth mentioning that as technology advances and brute-force abilities increase, these passwords become weaker. As indicated by the calculations, password character length is the major factor that determines password strength.
Final Word on Password Strength
Although an optimal password consists of many different types of characters and is very lengthy, there, of course, needs to be a balance between security and how well you can recall the password. A common technique to help balance these two is to substitute letters for numbers/symbols that look like those letters. This is typically a good practice as long as the password is lengthy, but attackers also know about these techniques and will search for such passwords as well. Finally, tacking on a few extra numbers/symbols to the end of the password can go a long way to keep attackers at bay. Just be sure to have some sort of mnemonic device in your head to help remember these extra characters.
Overall, a solid password structure can help with making your accounts more secure. If you have any further questions about password strength or any other factors regarding cyber-security, feel free to reach out to the experts at SandStorm IT at 901-475-0275.