Passwords are a tricky thing to navigate. You have always been told not to use simple things, such as your date of birth, your phone number, your name, or simple passwords such as Password, 1234567890, or 12345 (“That’s amazing! I’ve got the same combination on my luggage!” Spaceballs anyone?). So what CAN you use for a password? How can a black hat even acquire my password?
Well, it’s quite simple to be honest. Want to know the magic behind it? Let me show you!
There are 10 numbers on the keyboard, right? 0 – 9. On your default password, they have you input a 4 digit passcode. The amount of characters in your possibilities will be your primary number. In this case the digits, 0 – 9, so 10. Now, your exponent will be the number of digits in your passcode. In this example, 4. 10^4 = 10*10*10*10 = 10,000 possible combinations when using 0 to 9 only.
Now, if you understand how characters work on an electronic device, an upper case letter and lower case letter are counted as completely different characters. In the U.S. alphabet, there are 26 characters. That means if you use 4 characters, a through z, for your password, that would be 26^4, or 26*26*26*26 = or 456,976 possible combinations. It is almost as if you are going down a list and trying the following:
That would take a LONG time! I don’t know about you, but I have better things to do with my time! To simplify this, a black hat hacker would create a list, perhaps in Microsoft Excel (or just utilizing Notepad if they wanted to), or download a list that can be found online, and then run all these combinations through a bot that attempts email and password combinations until it potentially finds a match. Or, it utilizes a “dictionary password list” to run through words. Sometimes these could take minutes, or they can take days to do depending on the depth of the password, as well as whether the account in question has 2-factor authentication (having to enter the password, THEN enter a code you received on your phone, for example).
So, now that you know the formula for combinations, do you believe it is better to have a longer password, or a more complex password? Lets go back to our formula for that.
This time, we will use upper case, lower case, and numbers for our password. Upper case we have 26 characters, lower case is another 26 characters, and we have 10 numbers (0-9). So in total there is 62 characters. So lets take the ipad example using our “62.” 62^4 = 62*62*62*62 = 14,776,336 possible combinations. Now, lets increase that to having 5 characters in our password. 14,776,336*62 = 916,132,823 possible combinations. I think mathematically it makes sense that a longer password is what we’re wanting. A good rule of thumb:
Change out “look alike” letters with numbers. Example: Take the word Elite. The ‘e’ is replaced with 3. Your ‘i’ could be replaced with the number 1. Now you have 3l1t3, or you can even do El1t3, that way you have your capital letter, lower case letters, and numbers, taking you simply from 36 characters to your 62 characters.
Password suggestions always change, but if you follow these guidelines at a minimum, you won’t go wrong:
- Utilize 1 number;
- Utilize 1 lower case letter;
- Utilize 1 upper case letter;
- Avoid using commons words from the dictionary;
- Don’t utilize any PII;
- Avoid common patterns that might be found on the keyboard (qwerty, poiuy, 12345 are all examples)
- Don’t reuse the same password for all of your accounts;
- DO NOT write down your passwords all in a book next to your desk. If an intruder breaks into your home, and you have everything listed right there, in the extreme cases every account is lost that you have created.
Following the information listed here will help you understand the magic behind a password, and how to create a better password.
If you have any questions, or a comment concerning anything listed here, please leave me a message below.
As always, thank you for taking your time to secure your information, and your life.