{"id":6720,"date":"2017-03-27T20:35:29","date_gmt":"2017-03-27T18:35:29","guid":{"rendered":"https:\/\/www.combell.com\/en\/blog\/?p=6720"},"modified":"2021-06-22T14:33:39","modified_gmt":"2021-06-22T12:33:39","slug":"secure-passwords-complex-or-long","status":"publish","type":"post","link":"https:\/\/www.combell.com\/en\/blog\/secure-passwords-complex-or-long\/","title":{"rendered":"Secure passwords: short and complex or long and memorable?"},"content":{"rendered":"

When you check your e-mail, when you place an order with\u00a0Amazon.com<\/a>, and even when you register for a group fitness session, you are constantly required to enter your password. Often, you are also requested to include at least several digits, capital letters and special characters<\/strong> in that password. But, honestly, who is going to remember \u201cj!l_U-7_k.cr\u201d? It is therefore not surprising that the most common password is simply \u201c123456\u201d. Obviously, such a password is much easier to hack<\/strong>. But do not worry; everyone can come up with memorable and secure passwords\u2026 And it is quite easy!<\/p>\n

 <\/p>\n

\u201cPassword\u201d as a password<\/strong><\/h2>\n

\"Secure<\/p>\n

We\u00a0generally tend to use a password that is easy to remember. Often, we use birthdays, (family) names or simple key combinations<\/strong>, such as \u201cqwertyuiop\u201d. But such passwords are easy to guess<\/strong> by malicious people. Personal information is indeed easy to find on the Internet, as well as lists of the most commonly used password combinations.<\/p>\n

Furthermore, Microsoft<\/a> has reported that an average person has no less than 25 online accounts<\/strong>, for which he or she uses\u00a06.5 different passwords<\/strong>. This means that the majority of people use a single key to open several digital doors. And the risk is even greater if the password is easy to guess. If someone manages to crack the password of your (harmless) library account, he or she will be able to access your mailbox in no time and then request and\/or change passwords for other websites. And that, of course, is something you want to avoid at all costs.<\/p>\n

 <\/p>\n

How can you crack a password?<\/strong><\/h2>\n

\"Secure<\/p>\n

As previously stated, many passwords are guessed by people who crack passwords<\/strong>, who are also known as crackers<\/strong>. After all, many people use simple key combinations or personal information that is easy to find on the Internet. Many passwords are also stolen using phishing<\/strong> methods (your passwords are simply requested via e-mail or over the telephone<\/strong>). Criminals often pretend to be someone else (e.g. a bank employee, but you can also read more about a recent situation with which Combell has recently been faced<\/a>), hoping to steal your personal information. Unfortunatly, this little scam often still works.<\/p>\n

Then again, in addition to simply guessing or requesting passwords, crackers also use other methods to perform attacks. Your password can e.g. also be guessed through a brute force attack<\/em><\/strong><\/a>. For this, they run an automatic script that continuously attempts to log in using different character variations<\/strong>. If, for instance, your password is \u201cben\u201d, the script will first attempt to log in using \u201caaa\u201d, then \u201caab\u201d, \u201cabb\u201d, and so on. This way, it does not take long to use \u201cbel\u201d, \u201cbem\u201d and \u201cben\u201d. And bingo! So much for your password! Two common types of such attacks are dictionary and common word attacks<\/a>. As the terms suggest, such methods use a list of commonly used words, or even the entire dictionary, which the script uses to attempt to log in.<\/p>\n

SEE ALSO: \u201c<\/strong>Brute force attacks: how<\/strong> to protect yourself?<\/strong><\/a>\u201d<\/p>\n

 <\/p>\n

Ch0053 a 5ecur3 passw0rd<\/strong><\/h2>\n

So, what secure passwords are so strong\u00a0that crackers cannot guess them? Many experts are convinced that the most secure passwords include both small and capital letters, digits and special characters. In addition, they must be at least 8 characters long<\/strong>. Just to give you an idea: \u201cD(9_*!3N\u201d should be a great password. According to Gibson Research Corporation<\/a>, this password would resist for 2.13 thousand centuries when trying to crack it (assuming 1,000 login attempts per second). That sounds pretty secure! But who will remember \u201cD(9_*!3N\u201d? Many Internet users will most probably have to write down<\/strong> this password somewhere, which is even more risky.<\/p>\n

\n

Tip:<\/strong> feel free to test your password using the handy calculator<\/a> developed by Gibson Research Corporation!<\/p>\n<\/div>\n

So, how can you find a password that is both strong and memorable? Here is the solution: go for a long password instead of a complex one!<\/strong> Think of two or three random words and put them together. What about a password like \u201cBearWithBeard\u201d? Quite easy to remember, isn\u2019t it? This password is 13 characters long, and thanks to the combination of small and capital letters, you have 52 possibilities. That means 285 quadrillions (!!!) of possible combinations<\/strong>. Attempting to crack this password manually is obviously out of the question, and even using a brute force attack, you would need 7 million centuries to succeed. Now, that is impressive!<\/p>\n

\n\n\n\n\t\n\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t
Characters<\/th>Number of possible combinations<\/th>Brute force time<\/th>\n<\/tr>\n<\/thead>\n
1<\/td>62
\n<\/td>		Immediate<\/td>\n<\/tr>\n
2<\/td>3,844<\/td>Immediate<\/td>\n<\/tr>\n
3<\/td>238,328<\/td>Immediate<\/td>\n<\/tr>\n
4<\/td>14,776,336<\/td>Immediate<\/td>\n<\/tr>\n
5<\/td>916,132,832<\/td>42 seconds<\/td>\n<\/tr>\n
6<\/td>56,800,235,584<\/td>43 minutes<\/td>\n<\/tr>\n
7<\/td>3,521,614,606,208<\/td>44 hours<\/td>\n<\/tr>\n
8<\/td>218,340,15,584,896<\/td>115 days<\/td>\n<\/tr>\n
9<\/td>13,537,086,546,263,600<\/td>20 years<\/td>\n<\/tr>\n
10
\n<\/td>		839,299,365,868,340,000<\/td>12 centuries<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/p>\n

 <\/p>\n

One password, but slightly different<\/strong><\/h2>\n

This is how you can come up with a memorable and virtually unbreakable password, which is impossible to crack, even using a brute force attacks. Nevertheless, there are other ways other people can get hold of your password. How?<\/p>\n

 <\/p>\n

People can obtain your password because<\/strong><\/h3>\n

<\/p>\n