Why You Need a Strong Password

Using a strong password is very important for any online account you use, especially if it holds business-critical information. But just how strong is strong? And what actual difference does it make?

Strong passwords (as we are all constantly reminded!) need to use a mix of upper and lowercase letters, some numbers and also some symbols. However, it’s not always obvious how much difference these extra additions can make. To figure that out you need to understand a little about how passwords are broken.

The easiest method for hackers is to try passwords that people have used before. Lots of users like to re-use passwords because it definitely makes life easier. But it also makes life easier for hackers.

When websites are hacked, any passwords found are often shared online. These passwords are then used to make ‘dictionaries’ to try on other sites. This is why it is very important to use a unique password for every site. Trying every password contained in one of these dictionaries can be done in seconds with a modern computer.

Using a random string of characters makes these dictionary attacks less likely to work, which means the hacker has to resort to brute force attacks. Attacks like this involve using a computer to try every possible combination of characters in order to guess a password.

That sounds like it should take a long time, and it would if a human was doing it. But, if you only use lower case letters, a modern computer can try all the possible combinations for an eight-character password in less than a minute. Adding in uppercase letters, numbers and symbols can increase that time to eight hours.

| Number of characters | Lowercase characters only | At least one uppercase character | At least one uppercase character & number | At least one uppercase character & number & symbol |
|---|---|---|---|---|
| 1 | Under 1 minute | Under 1 minute | | |
| 2 | Under 1 minute | Under 1 minute | Under 1 minute | |
| 3 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
| 4 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
| 5 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
| 6 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
| 7 | Under 1 minute | Under 1 minute | ~1 minute | ~6 minutes |
| 8 | Under 1 minute | ~22 minutes | ~1 hour | ~8 hours |
| 9 | ~2 minutes | ~19 hours | ~3 days | ~3 weeks |
| 10 | ~1 hour | ~30 days | ~7 months | ~5 years |
| 11 | ~1 day | ~5 years | ~41 years | ~400 years |
| 12 | ~3 weeks | ~300 years | ~2,000 years | ~34,000 years |

Obviously, that means that it is even safer to add in more characters, more symbols and more numbers. As you can see from the table above, just adding two more characters can increase the time taken to guess all the possible combinations to 5 years.

That’s why a 12-character password, with a combination of uppercase letters, numbers and symbols, is recommended. Any hacker would have to be very lucky indeed to guess your credentials with a brute force attack on a password that strong!
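
The arithmetic behind a table like the one above, as an added example that is not part of the original article: it counts every password a policy allows and divides by a guess rate. The article does not state its guess rate or symbol set, so the 4e10 guesses per second and the 32 ASCII symbols used here are assumptions and the output will not match the table exactly.

```python
"""Estimate worst-case brute-force time for a password policy (added example)."""
from itertools import combinations
import string

# Character class sizes. The 32-symbol set is an assumption (ASCII punctuation).
LOWER = len(string.ascii_lowercase)   # 26
UPPER = len(string.ascii_uppercase)   # 26
DIGIT = len(string.digits)            # 10
SYMBOL = len(string.punctuation)      # 32

# Assumed attacker speed in guesses per second; not a figure from the article.
GUESSES_PER_SECOND = 4e10


def keyspace(length, required=()):
    """Count passwords of `length` built from lowercase letters plus the
    `required` class sizes, containing at least one character of each
    required class (inclusion-exclusion over the classes left out)."""
    total = LOWER + sum(required)
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            count += (-1) ** k * (total - sum(missing)) ** length
    return count


def worst_case_seconds(length, required=(), rate=GUESSES_PER_SECOND):
    """Seconds needed to try every candidate at `rate` guesses per second."""
    return keyspace(length, required) / rate


def humanize(seconds):
    """Render a duration using the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"~{seconds / size:,.0f} {unit}"
    return "under 1 minute"


if __name__ == "__main__":
    policies = {"lower": (), "+upper": (UPPER,), "+digit": (UPPER, DIGIT),
                "+symbol": (UPPER, DIGIT, SYMBOL)}
    for n in range(1, 13):
        cells = [humanize(worst_case_seconds(n, req)) for req in policies.values()]
        print(f"{n:>2}  " + "  ".join(f"{c:>16}" for c in cells))
```

A keyspace of zero is why the first two rows of the table have empty cells: a one-character password cannot contain both an uppercase letter and a number.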