As someone who spends a significant amount of time online, I know just how important it is to have secure passwords.
With so many accounts to keep track of, it’s easy to become overwhelmed by the number of passwords we’re expected to remember. This can lead to confusion about what makes a password strong, how long it should be, and what kind of characters to use.
Today, I’ll try to answer some of the most common questions about passwords and provide you with the information you need to keep your accounts secure.
Are a Password and Passcode the Same?
The answer is no. A password is typically used for logging in to a website or an online service. On the other hand, a passcode is used to secure a device such as a smartphone or a tablet.
When protecting your online accounts, a password is what you’ll use most often. Using a strong, unique password for each account is important to protect your personal information.
Why do Passwords Have a Maximum Length?
Passwords have a maximum length due to technical limitations in the software and databases used to store passwords. While longer passwords can be more secure, they can also be more difficult to remember.
The good news is that longer passwords can increase your password’s strength. This is because they have more possible combinations, making them harder to crack.
I use my favorite password manager, 1Password, to create long and complex passwords for me. This way, I don’t have to remember each password and can ensure that my accounts are protected.
How Many Password Combinations are There?
Password combinations are a measure of the number of possible combinations that a password can have. The more characters a password has, the more combinations it can have.
For example, a 4-digit password has 10,000 possible combinations. A 10-digit password, on the other hand, has over 9 billion possible combinations.
I wrote a program to demonstrate how easy it is to break passwords using brute force. I want to stress that this program was written without any optimizations and is just a rough example.
The speed at which the password can be broken depends on various factors, such as the hardware used and whether the attempt is being made locally on a computer or over the internet.
In my first example, it took just 0.0011 seconds to break a 4-digit password.
Making the same attempt to break a 9-digit password took just over 45 seconds.
It’s important to note that I have not optimized the program. It simply searches for the password by checking each digit one by one until a match is found.
This means that typing a password of 999999999 will take approximately 50% longer than 555555555. I could optimize the code for multithreading, but this was intended to be a simple example.
Finally, I gave up waiting after 10 minutes when the program tried to break the 10-digit long password that has over 9 billion possible combinations.
The examples above highlight the importance of using strong and secure passwords with many possible combinations to ensure they are difficult to crack.
Having a password with many possible combinations makes it harder for attackers to guess the correct password through brute-force methods.
Don’t want to deal with calculating combinations and remembering complex passwords? Try 1Password’s free trial today and let their password manager take care of it.
Here are a few more examples to help illustrate how to calculate the number of combinations in a password:
- A 6-character password using only lowercase letters: There are 26 possible characters for each position (a-z), and with 6 positions, the number of possible combinations is 26^6, or 308,915,776. It took my program just over 1 second to break that type of password.
- An 8-character password using a mix of uppercase letters, lowercase letters, numbers, and symbols: There are 62 possible characters for each position (A-Z, a-z, 0-9, and symbols), and with 8 positions, the number of possible combinations is 62^8, or 218,340,105,584,896.
- A 12-character password using a mix of uppercase letters, lowercase letters, numbers, and symbols: There are 62 possible characters for each position, and with 12 positions, the number of possible combinations is 62^12, or 839,299,365,868,340,224.
As you can see, the number of combinations in a password grows exponentially with each additional character.
That’s why, as long as the service allows, I create passwords that are a minimum of 12 characters in length using a mix of uppercase letters, lowercase letters, numbers, and symbols for even greater security.
How Fast Can a Supercomputer Crack a Password?
The speed at which a supercomputer can crack a password depends on several factors, including password length, complexity, and specific hardware and software.
However, some rough estimates can be provided based on the latest technology.
As explained in one of the examples in the previous paragraph, using a single graphics processing unit (GPU), a password consisting of just 6 lowercase letters can be cracked in under a second.
On the other hand, a password that is eight characters long and includes uppercase and lowercase letters, numbers, and symbols can take years or even decades to crack, even with a supercomputer.
Here are some examples:
- “password” (6 lowercase letters) – cracked in less than a second.
- “passw0rd” (8 characters, including a number) – cracked in less than a day.
- “P@ssw0rd1” (8 characters, including uppercase letters, numbers, and symbols) – cracked in a few months.
- “Tr0ub4dor&3” (12 characters, including uppercase letters, numbers, and symbols) – estimated time to crack: several decades or more.
It’s important to note that these are rough estimates and can vary greatly based on the technology and resources used by the attacker.
To keep your information secure, it’s always best to use a unique and complex password at least 12 characters long.
How Many Password Combinations are Possible on a Keyboard?
The number of password combinations possible on a full QWERTY keyboard depends on several factors, including the length of the password, the number of characters used (letters, numbers, symbols), and whether or not the characters are case-sensitive.
For example, if a password is 8 characters long and consists of only lowercase letters, there are 26^8 possible combinations, or 208,827,064,576.
If the password includes uppercase letters, numbers, and symbols, the number of possible combinations would be significantly larger.
Many people use keyboard patterns as passwords, such as “qwerty” or “123456”. However, these types of passwords are not very secure. This is because they have limited combinations and can be easily cracked.
To enhance security, it’s important to utilize a combination of letters, numbers, and symbols in your password, thereby increasing the number of possible combinations and making it more difficult to crack.
I use 1Password to create strong and complex passwords, and it’s incredibly easy.
Why do Websites Have Maximum Password Length?
Website restrictions on password length are due to technical limitations in the software and databases used to store passwords.
When creating a password, keeping the maximum length in mind is important. This will ensure that your password is accepted by the website and stored securely.
Why do Passwords Have a Minimum Length?
Many websites also have a minimum length requirement for passwords. This is to help ensure that passwords are strong and difficult to crack. Shorter passwords can be easily guessed, making them a security risk.
The minimum length requirement is in place to prevent weak passwords, such as “password” or “1234”. Using a longer password with a mix of characters can make it much more difficult for hackers to access your accounts.
How Long is Too Long for a Password?
There is no set answer to this question, as the ideal length for a password will depend on the website or service you’re using. Generally, longer passwords are more secure, as they have more possible combinations and are harder to crack.
It’s important to use a password that is long enough to be secure but not so long that it becomes difficult to remember. A password manager like 1Password can help with this, as it can generate secure, random passwords for you.
Before you go…
If you want to improve your online security beyond just using passwords, I recommend checking out my other article below. It explains why two-factor authentication (2FA) is crucial for safeguarding your online accounts.
Passwords Alone Aren’t Enough: Why You Need 2FA?