Everyone knows you should have a strong password, but what does that mean? In principle, it means generating the greatest entropy. That’s the cool way of saying “hard to guess for computers and humans.” Practically, it means choosing long, highly variable and random strings. The exact math behind calculating entropy changes depending on who you talk to. For this, I’ll be using this password strength tester as it takes into account common combinations. (e.g. ‘q’ is almost always followed by ‘u’ – so you don’t get points for that)
If you’re already bored, try your password out at http://howsecureismypassword.net
It will tell you how much time a common desktop computer will take to break your password.
Continuing on though, let’s look at some examples:
6 characters long, only numbers.
9.7 bits of entropy.
This is a terrible password. Not only is it on the list of 25 most popular passwords of 2012, it has very low entropy. With only digits 0-9 this would be broken in milliseconds by a password cracker or easily guessed by an average human.
8 characters long, only numbers.
13.6 bits of entropy.
It’s easy for me to remember: it’s my wife and daughters birthdays! It’s also easy to type! No one will ever guess! You’d think we’re getting better, but we’ve still limited ourselves to just numbers. Trivial for a computer to break. Easy to guess by looking at your Facebook profile.
8 characters long, numbers, upper and lowercase numbers and special characters.
38.3 bits of entropy.
It’s still easy for me to remember: it’s my wife and daughters birthdays! It’s not so easy to type though. As for entropy, this it the minimum you should have on your accounts.
25 characters long, all lower case
93.6 bits of entropy.
Does this surprise you? It should! It won’t work on some websites that demand you use upper and lower case passwords, but simply having a very long password composed of random words is quite effective! (credit goes to: xkcd) The key to this technique is random words. You can get long passwords by using Bible verses or Shakespeare, but you’re reducing the entropy by selecting words that commonly follow others.
So, how do your passwords fare?