A good password has three attributes: it’s long, it’s difficult to guess and it is easy to remember.
Notice that I did not mention that it needed a mix of upper case, lower case, some punctuation but not others and cuneiform characters. Nor did I mention that you have to change it twice a day.
Hackers have a database of the most commonly used million or so passwords. Mostly these are dictionary words with some modifications like adding 123 or @ for A and 3 for E.
If you are using one of these, then they’ll hack you in under a minute. Otherwise, they have to use brute force. There are 26 letters (upper case and lower case) and 10 numbers (with associated punctuation) for a total of 72 characters. The hacker has to try every possible combination.
Assuming that the $illy @ss rules of the site allow all these characters, each time another character is added to the password, the amount of time it takes to crack is multiplied by 72.
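The two checks described above (the common-password list with its usual modifications, then brute force over 72 characters) can be sketched as follows. This is an added example, not the author's code or the online tool mentioned below; the word list, the sample passwords, the function names and the guessing rate of 10 billion per second are all assumptions made for illustration.

```python
import re

ALPHABET = 72                    # the page's count of usable characters
GUESSES_PER_SEC = 1e10           # assumption: offline guessing rate, not from the page
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for an attacker's list of common passwords.
COMMON = {"password", "baseball", "letmein", "dragon", "qwerty"}

# Undo the substitutions the page names: @ for A and 3 for E.
UNLEET = str.maketrans({"@": "a", "3": "e"})


def dictionary_hit(pw):
    """True if pw is a common word plus the modifications the page describes."""
    lowered = pw.lower()
    stripped = re.sub(r"\d+$", "", lowered)      # drop a trailing "123"
    candidates = {lowered.translate(UNLEET), stripped.translate(UNLEET)}
    return bool(candidates & COMMON)


def brute_force_years(length, alphabet=ALPHABET, rate=GUESSES_PER_SEC):
    """Worst-case years to try every string of exactly `length` characters."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def assess(pw):
    """Return (attack, years): the cheapest attack that finds pw and its cost."""
    if dictionary_hit(pw):
        return ("dictionary", 0.0)
    return ("brute-force", brute_force_years(len(pw)))


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["B@s3ball123", "qwerty", "xK9#mQ2!", "rain_Oslo_1987_ferry"]:
        attack, years = assess(pw)
        print(f"{pw:22} {attack:12} {years:.3g} years")
```

The dictionary check runs first because a modified common word falls immediately no matter what the brute-force estimate for its length says.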
I think that passwords should be longer than 10 characters. Most of mine are over 20.
One of my former passwords (I still remember it after 20 years) was baseball_Ruth_60HR_1927. Babe Ruth hit 60 home runs in 1927.
There are programs online that evaluate the strength of passwords. According to one, the Ruth password would take 16 septillion years to crack. That’s 16 with 24 zeros following it. The universe hasn’t been around that long.
Even the password Ten_Letters (which is 10 characters) takes 96 years to crack.
You don’t have to be that good. Most hackers are going after low-hanging fruit and will abandon the attempt if it’s taking more than a minute to hack. Now if your name is Amazon, Bank of America, IRS or NSA, you might want to have a password that takes a septillion or two years to crack.
Don’t think in terms of pass WORDS, think in terms of pass PHRASES. If you are a sports nut, use statistics; history buff, use events and dates; like to cook? Use part of a recipe.