What makes a strong password? Is it better to have longer passwords or more complex passwords? And if you make a long random list of numbers, letters, and symbols how do you remember it?
One solution that is becoming more and more popular are password managers. By using a password manager you now only have to remember one password that will then give you access to everything else you need a password for. But even then that one password had better be good. By adding in symbols and case sensitive entries you can really hinder any attempts at brute force attacks.
To give an idea of how effective brute force attacks can be on passwords, lets say that you used a pet name or something similar as your password. My dog’s name is Wendy. That’s five characters, one of them capitalized. That password is broken in less than a tenth of a second in some fast attack scenarios. What if I add a number? “Wendy5” gets us to just over a half second. Let’s add a symbol. “Wendy5!” gets us to just under 12 minutes. Still very insecure, but a huge jump in time taken by comparison, and still only seven characters long.
What if instead of making the password more complex we just made it longer, even removing the capital at the beginning. “wendyisagooddog” is fifteen characters, all lowercase. But it would take up to 5.55 centuries to brute force that password. On the other hand anyone that knows me might be able to easily guess that password, so it may not be as secure as it seems.
What if we put all of this together? “W3nDy!stH3b3StD@g” has a search space size of 4.23 x 10³³. It would take 13.44 trillion centuries to cover all that space with one hundred billion guesses per second. Now that’s one effective guard dog.
A good way to change our mindset and make all of our passwords more secure would be to start thinking of them as pass phrases and to make them as unique as we can. Passwords should not be used in multiple log ins and should not be easily guessed even by people we know. Complexity is also important but passwords must be longer as well to ensure security from brute force attacks; the longer the better. With just a few changes in mindset we can make all of our passwords much more secure.