Why You Need a Strong Password
Using a strong password is very important for any online account you use, especially if it holds business-critical information. But just how strong is strong? And what actual difference does it make?
Strong passwords (as we are all constantly reminded!) need to use a mix of upper and lowercase letters, some numbers and also some symbols. However, it’s not always obvious how much difference these extra additions can make. To figure that out you need to understand a little about how passwords are broken.
The easiest method for hackers is to try passwords that people have used before. Lots of users like to re-use passwords because it definitely makes life easier. But it also makes life easier for hackers.
When websites are hacked, any passwords found are often shared online. These passwords are then used to make ‘dictionaries’ to try on other sites. This is why it is very important to use a unique password for every site. Trying every password contained in one of these dictionaries can be done in seconds with a modern computer.
Using a random string of characters makes these dictionary attacks less likely to work, which means the hacker has to resort to brute force attacks. Attacks like this involve using a computer to try every possible combination of characters in order to guess a password.
That sounds like it should take a long time, and it would if a human was doing it. But, if you only use lower case letters, a modern computer can try all the possible combinations for an eight-character password in less than a minute. Adding in uppercase letters, numbers and symbols can increase that time to eight hours.
Number of Characters | Lowercase characters only | At least one uppercase character | At least one uppercase character & number | At least one uppercase character & number & symbol |
---|---|---|---|---|
1 | Under 1 minute | Under 1 minute | | |
2 | Under 1 minute | Under 1 minute | Under 1 minute | |
3 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
4 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
5 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
6 | Under 1 minute | Under 1 minute | Under 1 minute | Under 1 minute |
7 | Under 1 minute | Under 1 minute | ~1 minute | ~6 minutes |
8 | Under 1 minute | ~22 minutes | ~1 hour | ~8 hours |
9 | ~2 minutes | ~19 hours | ~3 days | ~3 weeks |
10 | ~1 hour | ~30 days | ~7 months | ~5 years |
11 | ~1 day | ~5 years | ~41 years | ~400 years |
12 | ~3 weeks | ~300 years | ~2,000 years | ~34,000 years |
Obviously, that means that it is even safer to add in more characters, more symbols and more numbers. As you can see from the table above, just adding two more characters to an eight-character password that uses uppercase letters, numbers and symbols can increase the time taken to guess all the possible combinations from around 8 hours to around 5 years.
That’s why a 12-character password, with a combination of uppercase letters, numbers and symbols, is recommended. Any hacker would have to be very lucky indeed to guess your credentials with a brute force attack on a password that strong!
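The arithmetic behind a table like the one above, as an added example that is not part of the original article: it counts the passwords of each length that satisfy each column's "at least one" rule and divides by a guess rate. The guess rate of 4e10 per second and the 32-character symbol set are assumptions, so the printed figures will not match the table exactly.

```python
from itertools import combinations

# Character class sizes. SYMBOL = 32 (ASCII punctuation) is an assumption.
LOWER, UPPER, DIGIT, SYMBOL = 26, 26, 10, 32

# Assumed attacker speed in guesses per second (constructed, not from the article).
GUESSES_PER_SECOND = 4e10


def keyspace(length, required=()):
    """Count passwords of `length` built from lowercase letters plus the
    `required` classes, containing at least one character from each
    required class (inclusion-exclusion over the required classes)."""
    alphabet = LOWER + sum(required)
    total = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            # Passwords that avoid every class in `missing`.
            total += (-1) ** k * (alphabet - sum(missing)) ** length
    return total


def seconds_to_exhaust(length, required=(), rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password that fits the rule."""
    return keyspace(length, required) / rate


def humanize(seconds):
    """Render a duration in the table's style."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"~{seconds / size:,.0f} {name}"
    return "under 1 minute"


COLUMNS = {
    "lowercase only": (),
    "+ uppercase": (UPPER,),
    "+ uppercase, number": (UPPER, DIGIT),
    "+ uppercase, number, symbol": (UPPER, DIGIT, SYMBOL),
}

if __name__ == "__main__":
    for length in range(8, 13):
        cells = [humanize(seconds_to_exhaust(length, req)) for req in COLUMNS.values()]
        print(length, " | ".join(cells), sep=" | ")
```

A keyspace of zero explains the blank cells in the table: a one-character password cannot contain both an uppercase letter and a number.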