Passwords are a required nuisance of the online world, at least until we get chips implanted in our wrists, eyeball scanners, or thumbprint-coded access to our computers ... you know, the stuff of sci-fi novels and movies, which is actually closer than you think. But until then, it's still our job to keep a whole passel of passwords in mind to access this, that, and the other. It is estimated that, over the course of our lifetime, the average person has 80 passwords.It's important to have good, strong passwords. As the character Avi says in the novel Cryptonomicon, I want this information to remain secure as long as men are capable of evil. Certain ne'er-do-wells see each of us as a big fat piggy bank to be knocked off a shelf, so it's in our best interest to be as careful as we can. This includes something you've probably heard your office's Information Security czar say: "Please don't write down your password." The best password in the world, if it's stuck to your monitor with a Post-It note, is just like not having a password at all.
With many sites and services requiring more stringent and complex passwords, password management certainly isn't getting any easier on people. However, it is all for a good reason: protecting the security and privacy of our online presence, whether it's a Facebook profile or a bank account ... or even with us!
So, about that password complexity thing -- why are companies moving in this direction? The simple answer is, "The more possible characters there are in any place in a password, the harder it is to crack."
While it may not seem like a big deal to go from only lowercase letters (of which there are 26) to lowercase letters plus numbers (36), just making that small change increases the time it would take to randomly guess an 8-character password by 13 times. By including both upper- and lowercase letters and numbers (62 characters now), that same 8-character password takes a thousand times longer to guess. Including various symbols ($, &, ! and so forth) brings the possible character count up to 93, and our 8-character password takes nearly twenty-five thousand times as long to guess as it did when it was just eight letters.
And that's sticking to only eight characters for your password. If you add just one more, even with the easiest-to-guess character group (lowercase only), you'll have made it nearly thirty times tougher on the bad guy. Ramp the complexity all the way up, and that ninth character pushes the horizon for cracking the password up by a factor of about two and a half million times.
Let's take a moment to illustrate the difference in each of these levels of complexity with a sample password, going from weak to strong:
- Difficulty 1: password
- Difficulty 13: passw0rd (substitute a zero for the letter o)
- Difficulty 1000: Passw0rD (add a mix of upper- and lower- case letters)
- Difficulty 25,000: P@ssw0rD (substitute a symbol for one of the letters)
- Difficulty 2,500,000: P@ssw0rDs (add one additional character)
[Image credit: Max (Tj)]
Say Something