July 3, 2024

How Long Passwords and Complex Characters Help Protect You


In today’s digital age, the security of your online accounts is more important than ever. Cybercriminals are constantly devising new methods to break into systems and steal personal information. One of the most effective ways to safeguard your online presence is by using strong passwords. But what exactly makes a password strong? The length of the password and the inclusion of complex characters play crucial roles in fortifying your defenses against cyber attacks. In this blog post, we will explore how long passwords and a mix of characters can protect your accounts from brute-force attacks, making it significantly harder for hackers to compromise your data. Join us as we delve into the mechanics of password security and provide practical tips for creating robust passwords that stand the test of time.

1. Increased Combinations

Longer passwords with a mix of characters (letters, numbers, symbols) increase the total number of possible combinations, making it exponentially harder for attackers to guess or brute-force the password.

– **Example**: A 6-character password with lowercase letters has 308,915,776 combinations. A 12-character password with lowercase, uppercase, numbers, and symbols has approximately 5.4 quadrillion combinations.

To paint a clearer picture:

  • 6-character password (lowercase letters):
    • At 1,000,000 attempts/second: approximately 5.15 minutes
    • At 1,000,000,000 attempts/second: approximately 0.309 seconds
  • 12-character password (lowercase, uppercase, numbers, symbols):
    • At 1,000,000 attempts/second: approximately 171.22 years
    • At 1,000,000,000 attempts/second: approximately 62.6 days

Now, what happens if we introduce random characters into our passwords?

  • 6-character password (random characters):
    • At 1,000,000 attempts/second: approximately 8.51 days
    • At 1,000,000,000 attempts/second: approximately 12.25 minutes
  • 12-character password (random characters):
    • At 1,000,000 attempts/second: approximately 17 billion years
    • At 1,000,000,000 attempts/second: approximately 17 million years

Introducing random characters dramatically increases the number of possible combinations, making it much more difficult and time-consuming for attackers to crack the password, even with sophisticated hardware and techniques.

The number of brute-force attacks per second can vary significantly based on the attacker’s hardware and the specific attack scenario. Here are some general estimates for different types of setups:

Low-End Setup

– Basic Consumer Hardware: Using a standard consumer-grade computer, the number of attempts per second might be relatively low, in the range of 1,000 to 10,000 attempts/second.

Mid-Range Setup

– High-End Consumer Hardware: With a more powerful consumer-grade computer equipped with a good GPU, the rate can increase substantially: 10,000 to 1,000,000 attempts/second.

High-End Setup

– Dedicated Hardware: Using specialized hardware such as high-performance GPUs or dedicated password-cracking machines, the rate can be much higher: 1,000,000 to 10,000,000 attempts/second.

Advanced Setup

– Botnets or Cloud Computing: By leveraging botnets or cloud computing resources, attackers can distribute the workload across many machines, greatly increasing the number of attempts per second: 10,000,000 to 1,000,000,000+ attempts/second.

Real-World Example

– Hashcat with Modern GPUs: A tool like Hashcat, which is optimized for password cracking, running on a rig with multiple modern GPUs (such as NVIDIA RTX 3090), can achieve very high rates: billions of attempts per second.

While low-end setups might only achieve a few thousand attempts per second, advanced setups using specialized hardware and optimized software can perform billions of attempts per second.
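The arithmetic behind these estimates, as an added example (not code from the original post): it computes the keyspace, entropy, and worst-case exhaustive-search time at the upper bound of each attacker tier listed above. The 95-character printable-ASCII alphabet used for "random characters" is an assumption; it reproduces the 8.51-day and 12.25-minute figures for six characters.

```python
import math
import string

# Alphabet sizes: 26 lowercase letters; 95 printable ASCII characters is an
# assumption for what the post calls "random characters".
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

# Upper bound of each attacker tier listed in the post (attempts/second).
TIERS = {"low-end": 10_000, "mid-range": 1_000_000,
         "high-end": 10_000_000, "advanced": 1_000_000_000}

def alphabet_size(classes):
    """Number of distinct characters across the chosen classes."""
    return len(set("".join(CLASSES[c] for c in classes)))

def keyspace(length, classes):
    """Total candidates an exhaustive search must cover."""
    return alphabet_size(classes) ** length

def entropy_bits(length, classes):
    """Entropy of a uniformly random password of this shape."""
    return length * math.log2(alphabet_size(classes))

def worst_case_seconds(length, classes, rate):
    """Time to try every candidate; the average case is half of this."""
    return keyspace(length, classes) / rate

def humanize(seconds):
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.2f} {unit}"
    return f"{seconds:.3f} seconds"

if __name__ == "__main__":
    ALL = ("lower", "upper", "digit", "symbol")
    for length, classes in ((6, ("lower",)), (6, ALL), (12, ALL)):
        print(f"{length} chars, {alphabet_size(classes)} symbols, "
              f"{entropy_bits(length, classes):.1f} bits")
        for tier, rate in TIERS.items():
            t = humanize(worst_case_seconds(length, classes, rate))
            print(f"  {tier:<10} {rate:>13,}/s  {t}")
```

These are exhaustive-search bounds for randomly chosen passwords; a password built from words or patterns falls much sooner to the dictionary attacks described in the next section.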


2. Difficulty for Dictionary Attacks

Dictionary attacks use lists of common passwords and variations to guess passwords. Complex passwords that include random combinations of characters are less likely to appear in these lists, reducing the effectiveness of dictionary attacks.


3. Reduction of Predictability

Simple and short passwords are more predictable and easier to guess. Longer passwords with varied characters reduce predictability and ensure that common patterns (like “123456” or “password”) are avoided.


4. Resistance to Social Engineering

Passwords incorporating random and complex elements are harder for attackers to deduce through social engineering, where they might use personal information (like birthdates or names) to guess passwords.


Tips for Creating Strong Passwords

  1. Length: Aim for at least 12 characters.
  2. Complexity: Use a mix of uppercase and lowercase letters, numbers, and symbols.
  3. Avoid Common Words: Don’t use easily guessable words or patterns.
  4. Randomness: Use random combinations of characters.
  5. Password Managers: Consider using a password manager to generate and store complex passwords.
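One way to apply tips 1 to 4 in code, as an added example that is not part of the original post: a checker that reports which tips a password fails, and a generator that draws from the operating system's CSPRNG and resamples until the checker is satisfied. The `COMMON` word list is a small constructed sample, and the function names and the four-character run rule are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 12
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Constructed sample; a real check would load a large breached-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
# Undo the usual substitutions so "P@ssw0rd" is still recognised.
LEET = str.maketrans("@4310$5!7", "aaeiossit")

def has_run(pw, n=4):
    """True if pw contains n repeated or consecutive characters (aaaa, 1234)."""
    for i in range(len(pw) - n + 1):
        steps = {ord(b) - ord(a) for a, b in zip(pw[i:], pw[i + 1:i + n])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def check(pw):
    """Return the list of tips the password fails (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(ch in cls for ch in pw) for cls in classes):
        problems.append("complexity")
    lowered = pw.lower()
    forms = (lowered, lowered.translate(LEET))
    if has_run(pw) or any(w in f for w in COMMON for f in forms):
        problems.append("common word or pattern")
    return problems

def generate(length=16):
    """Draw from the OS CSPRNG and resample until every check passes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check(pw):
            return pw
```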

Longer passwords with a diverse mix of characters provide robust protection against various types of attacks by significantly increasing the difficulty for attackers to crack them. This enhanced security helps keep your accounts and personal information safe from unauthorized access.

