By now, you’ve probably had quite a lot of your friends or co-workers e-mail you “from an internet cafe” about being “stuck in Turkey” after “losing their passport and wallet…” Their desperate appeal for you to send cash as soon as possible is a dead giveaway that somebody has hacked their e-mail account. Why is this so common? Their passwords weren’t strong enough.
One would assume that a strong password is one that incorporates special characters, numbers, and uppercase and lowercase letters. That could be true; however, it has been shown that all a password needs to be is lengthy. Let’s check out two passwords and compare their strength.
First, take a password that is considered strong. Microsoft offers “H3ll02U!” as an example of a strong password on their “Tips for creating a strong password” web page. They consider it strong because it makes use of uppercase letters, lowercase letters, numbers and symbols. However, this is still a typical phrase with common number-for-letter replacements. Password crackers that know people use typical phrases and words, with numbers replacing particular letters or with the words shortened, won’t be fooled by these techniques. This password is simply 10 characters, which has about 20 quintillion (20 followed by 18 zeros) combinations including special characters. That sounds strong, doesn’t it?
Second, take a 5-word random sentence like “ILikeCheesyGoldfishCrackers”. This password is lengthy, has upper and lowercase letters, is straightforward to remember and is really tough for a password cracker to guess. Just 5 words in English, of which there are more than one million, would produce over 1 nonillion combinations (that’s a 1 with 30 zeros). If a cracker were guessing character by character across the 27 characters in “ILikeCheesyGoldfishCrackers”, assuming just upper and lowercase letters, it would take up to a quattuordecillion guesses. That’s a 1 with forty-five zeros, so it becomes obvious that lengthy passwords are actually stronger passwords.
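The comparison above can be run as a password-policy check. The following Python sketch is an added example, not part of the original article: it undoes common number-for-letter swaps before a dictionary lookup, and computes the character-by-character and whole-word search spaces. The word list, substitution table and function names are constructed assumptions standing in for a real cracking dictionary and rule set.

```python
import re

# Constructed stand-ins (assumptions): real dictionaries and rule sets are far larger.
COMMON_WORDS = ("hello", "letmein", "monkey", "password", "welcome")
UNLEET = str.maketrans("301457@$!", "eolastasi")  # 3->e, 0->o, 1->l, 4->a, ...

def charset_size(pw):
    """Alphabet a blind brute-force search must cover, by character class used."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33))
    return sum(n for pattern, n in classes if re.search(pattern, pw))

def brute_force_space(pw):
    """Candidates when guessing character by character: alphabet ** length."""
    return charset_size(pw) ** len(pw)

def passphrase_space(word_count, vocabulary):
    """Candidates when guessing whole words drawn at random from a vocabulary."""
    return vocabulary ** word_count

def dictionary_hit(pw):
    """Undo common substitutions; return the common word exposed, else None."""
    normalized = pw.lower().translate(UNLEET)
    return next((w for w in COMMON_WORDS if w in normalized), None)

def magnitude(n):
    """Number of zeros in the largest power of ten that does not exceed n."""
    return len(str(n)) - 1

if __name__ == "__main__":
    for pw in ("H3ll02U!", "ILikeCheesyGoldfishCrackers"):
        print(pw, "-> dictionary hit:", dictionary_hit(pw))
    phrase = "ILikeCheesyGoldfishCrackers"
    print("character model zeros:", magnitude(brute_force_space(phrase)))
    # The article's word model: 5 words from a vocabulary of one million.
    print("word model zeros:", magnitude(passphrase_space(5, 10**6)))
```

A password that produces a dictionary hit should be rated by the size of the dictionary and rule set, not by its character count.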