There are two ways for bad guys to get your passwords.
They can ask. This is known as social engineering. It may take many forms, from a simple request for you to disclose this information, to phishing exploits or even to keylogging.
A brute-force attack is the more difficult method. A hacker must make multiple attempts to guess your password. Often brute-force attacks use lists of possible passwords. This is known as a dictionary attack.
The strength of a password can be measured by two components: entropy and length.
Entropy is another way of saying how random is your password. For example, 1234 is less random than (2e! and therefore easier to guess. There are 94 possible characters on a keyboard you can use in a password, excluding the space bar. Some characters like slashes are not allowed because they are reserved for system use. Upper and lower case letters are different. This is why some sites require us to use both upper and lower case in our passwords.
The length of a password also affects its strength. Each additional character significantly increases the difficulty of cracking your password using a brute-force attack.
Looking at some examples should illustrate this.
Source: Gibson Research Corp – www.grc.com/haystack.htm
The last password, RichardFrisch2!, is easy to remember but difficult to crack. It is the combination of length and entropy that gives it its robust encryption strength.
I suggest that when you create passwords make them long and memorable if you want to protect yourself from bad guys and faulty memory.
If you enjoyed this article, please consider sharing it!
