How To Create A Secure Password
Contents
Creating a Secure Password
Secure passwords rely on length more than complexity, but the ideal is password is long and complex. The longer your password is, the harder it will be to Opens in new window bruteforce . Avoid using words or phrases in your password. These can fall victim to Opens in new window dictionary attacks . A complex password uses random letters, numbers, and symbols.Return to Top
The Math Behind Password Security

There are 53 trillion possible passwords using eight uppercase and lowercase letters.
 Why? — There are 26 lowercase and 26 uppcase letters so 52 total letters to use. There are eight positions for these letters (password of length eight). 52^{8} = 53 trillion.
 How is 53 trillion not enough? — Computers are fast. What seems like a large number to a human is not a large number to a computer. This example password could be cracked in less than an hour using a bruteforce attack.

There are 218 trillion possible passwords using eight uppercase letters, lowercase letters, and numbers.
 Why? — There are 52 letters and 10 digits to use. There are eight positions for these letters (password of length eight). 62^{8} = 218 trillion.
 Isn't 218 trillion a lot more than 53 trillion? — No, 218 trillion is only about four times greater than 53 trillion. The password will take longer to crack using bruteforce, but it is not secure. The time to crack is now roughly 13 hours.

There are 2.8 quadrillion possible passwords using nine uppercase and lowercase letters (no numbers).
 Why? — There are 52 letters to use. There are nine positions for these letters (password of length nine). 52^{9} = 2.8 quadrillion.
 Password Length — The length of the password increases the number of possiblities exponentially why increasing the pool of characters (letters, digits, symbols) only increases the possibilities linearly. This password would take roughly 19 hours to crack. This is not considered secure, but it provides a much better result than adding numbers only.

There are 650 octillion (or billion billion billion) possible passwords using 16 uppercase letters, lowercase letters, numbers, and the following symbols: !@#$%^&*(). Note this list is not all the possible symbols to use in your password.
 Why? — There are 52 letters to use, 10 digits, and 11 selected symbols. There are 16 positions for these letters (password of length nine). 73^{16} = 650 octillion.
 Time to Crack — This password would take about seven trillion years to bruteforce.