Why Long Passwords?

Warning – this blog has a high geek rating. But maths geeks may also enjoy.
Let’s say you have a password consisting of a single digit number, e.g. 1
The maximum number of attempts it would take to crack it is 10; it could be any number from 0-9.

If it consists of a single letter there are 26 possible combinations because there are 26 letters (obviously), about two and half times as many combinations as using just a number.
Let’s increase the length of the password and use two digits, e.g. 11.
The possible combinations is now 100; anything between 0-99.
For the mathematicians this is 10^2. 10 possible digits and the length of the password is 2.

…I’m going somewhere with this…

Let’s now change that to two letters, e.g. AA
Because there are 26 letters the formula then becomes 26^2. This gives 676 possible combinations!
Increase that to three letters and you have 17,576 possible combinations (26^3)!

Do you see what’s happening..?

Use a combination of letters and numbers, e.g. AB1 then each character could be anything from a possible 36 characters (126 letters, 10 numbers).
Then that gives you a whopping 46,656 possible combinations.

Let’s start throwing capital letters and other characters into the mix. There are a total of around 95 symbols, upper & lower case letters and numbers we can use. Therefore that’s 95 options for each character in your password.
Even for the simple four character password Ab1$ there are nearly 81.5 million combinations (95^4)
That sounds like a hell of a lot of combinations but, unfortunately, it would take a modern computer merely seconds to crack this.

The solution? Use uppercase, lowercase, numbers and symbols and increase the length to at least 12 characters.
Does 12 characters sound like a lot? This password is a combination of the initial letters of the words to the song “Nellie the Elephant” (no idea why this song came into my head at the time of writing this), combined with a memorable year (again, no idea why my brain flicked from Nellie the Elephant to World War 2) with a couple of symbols thrown in.
That’s so secure I was expecting to get weird letters and stuff on my calculator when I typed in 95^12 but the number of combinations is:
540,360,087,662,636,962,890,625 (over 540 sextillion – I’ve never even heard of that number before, so that’s a big number).

Simple to remember and very secure.

Posted in Good Practice