Ever wonder how hard it is to crack your password? Well, you need not wonder any longer – Here is the formula:
Difficulty to crack a password = Character cases ^ Characters
Characters is the number of characters in your password. Character cases are all the possible characters you could enter in a password field. How many character cases are there?
- a-z = 26 lowercase letters
- A-Z = 26 uppercase letters
- 0-9 = 10 numerals
- Special characters on a standard keyboard (ex: ~!$%) = Appx. 32 special characters
Adding characters or character cases makes a password more complex, and thus, more difficult to guess. Here are some password examples
A weak password – 6 lower case characters = 26^6 = 308,915,776 combinations
This seems like a lot, until you consider that a brute force attack (one in which the hacker just tries password after password until he guesses the right one) can try 8 million times per second. At this speed, it would only take 38.6 seconds to guess your password.
Now, let’s see what happens if we add one character.
A slightly less weak password – 7 lower case characters = 26^7 = 8,031,810,176 combinations
A huge improvement, but this password can still be cracked in 16.7 minutes.
Now, let’s see what happens if we use all possible characters.
A slightly less weak password – 6 alphanumeric and special characters = (26+26+10+32)^6 = 689,869,781,056 combinations
Better still, but this password can still be cracked in just under a day.
Now, let’s look at an example of a good password.
A strong password – 16 alphanumeric and special characters = (26+26+10+32)^16 = 6.5913323e+54 combinations
That’s the number 659 followed by 52 0s!
At the same rate, it would take the hacker 2.6126222e+40 years to guess your password (or more than an order of magnitude over one nonillion eons). If they are that committed, I say they can have it.
You can now see how with using a few more characters and using a few more types of characters you can significantly enhance the strength of your passwords and prevent an otherwise would be intruder from gaining access to your accounts.
Of course, this is all very simplified. Most hackers aren’t going to try to attempt every combination of every valid character. More likely, they are going to try the 100 most common passwords, use a rainbow attack, or other similar strategy to hone in on the most promising potential passwords. Still, using a longer password with more possible characters is a simple and effective solution to make it more difficult to crack.
If you want to learn more about what makes a password “strong” and how password attacks work, please check out the Wikipedia page on Password Strength.
PS: For context, 2.6126222e+40 years looks like this: