Image for comnputer security
Protect your data with strong password

Complex password versus long password

Despite the growing awareness of cybersecurity (also referred to as computer security), in fact, many users still do not know enough about strong passwords. We all need strong passwords to protect our most valuable data in case of cyberattacks.

Despite the growing awareness of cybersecurity (also referred to as computer security), in fact, many users still do not know enough about strong passwords. We all need strong passwords to protect our most valuable data in case of cyberattacks.

In general, a password is an arbitrary string of characters including letters, digits, or other symbols.

A password need not be an actual word; indeed, a non-word (in the dictionary sense) will be harder to guess, which is a desirable property of passwords.

How to create a strong password? We can increase the length or add some special characters.

Which way is better?

The NIST Digital Identity Guidelines for the United States federal government favors longer passwords over complex ones. Why? Because it is easier to increase password combinations when increasing the power, not the base, of the exponential function.

Let’s see the mathematical arguments why longer passwords are better over complex ones.

For example, you have a password with eight characters and only uppercase and lowercase letters. That is 52 letters per character. The total number of all the combinations you can make out of those letters is 52 to the power of 8, or 53,459,728,531,456.

Let’s try to make this password stronger.

We keep the same length at 8 characters and to add some numbers or special characters to the password. Let’s calculate: the total number of combinations to crack in this case is 72 (52 letters plus 10 numbers plus 10 special characters) to the power of eight, or 722,204,136,308,736. Will be the password stronger? Yes, the password strength will increase by approximately 13 times, but, the password will be harder to remember. There are more chances that the user will just write it down somewhere, this is not a good strategy.

Let’s try another way. we will keep the characters as only upper case and lowercase letters (total 52) but let’s require a couple of more characters in the password (10 instead of 8).It is not much harder to remember 10 letters vs eight. Will be the password stronger?

Yes! The total number of combinations to crack in this case is 52 in power of 10. 144,555,105,949,057,020. Adding two additional characters is almost 1,000 times better than adding numbers and characters for the same length without the risk that the password will become impossible to remember.

What will happen if we add two more characters to the password with only letters?

The length of the password becomes 12 and the number of combinations becomes 390,877,006,486,250,200,000.It is one million times better than 8-character password with special symbols! Still, a 12-characters password that contains only letters sounds like a reasonable thing to remember — just pick a phrase that combines few words.

The summary: a longer password is better.

Try extending the length of your passwords to more than 12 characters by combining words.

Let’s make the digital world more secure — together.

Mark Klinchin

PREVIOUS ARTICLE NEXT ARTICLE