Why Do Passwords Need To Be Complex?
WHY?
Passwords are easier than ever to crack.
There are many tools that can be used to crack passwords.
Two of the common attacks used by these tools are Dictionary & Brute force.
- Dictionary attacks use words that can be found in a dictionary. It will go through the list from A to Z until it finds your password. It will also try grouping several words together, like “mysafepassword”.
- Brute force attacks are kind of like the dictionary attack, except that it uses all possible combinations of letters, numbers, symbols. This will take longer, but with enough time, it can find your password.
Each year technology is advancing and these improvements, continually bring down the time it takes to crack a password.
Hackers can quickly crack your passwords if they are not complex. See example below:
| Complexity of a 10 Character Password | Time to Crack |
|---|---|
| Numbers Only | Instantly |
| Lowercase Letters | 58 Minutes |
| Upper & Lowercase Letters | 1 Month |
| Numbers, Upper & Lowercase Letters | 7 Months |
| Numbers, Upper & Lowercase Letters, Symbols | 5 Years |
See a detailed chart from Hive Systems
Check how long it would take to crack your password
There are several sites where you can get an estimated time to crack and/or the strength of your password.
Complexity Is Not The Only Answer
Since all passwords can be cracked with enough time, there are other strategies to reduce the possibility.
- Password Expirations – By forcing you to change your password, limits the time a hacker has to find your password.
- Two-Factor or Multi-Factor Authentication – Using an authenticator app or security key as a second authentication greatly reduces your risk. Learn more about Security Keys & Two-Factor Authentication.
- Web Browsers – Many now check if your password is weak and/or if a stored password has been compromised in a data breach.
Conclusion
Using complex passwords is a must for everyone. It used to be easy to remember my password, but now I always use complex passwords, it is almost impossible to remember. This is why I’ve switched over to using a Password Manager, which makes it so easy. I only have to remember one password, the main password to the Password Manager.
