Siler City, NC – I would like to remind our resident cybersecurity expert that numbers and ‘special’ characters make passwords hard to remember and do not add strength because cracking is done by a computer, not a person, nowadays, and to a computer, a character is a character is a character.
The strongest passwords are what I call “XKCD 936 Compliant” — per xkcd.com/936/ — the thing that matters isn’t the kind of character, but how long the password is.
It works on probability, just like the lottery does. Each character in your password is probably eight ‘bits’ long, in computer speak, each of which can be ‘on’ or ‘off’, ‘1’ or ‘0’. (It’s not actually this simple, but this is “good enough” for the purposes of explaining.) Suffice it to say that, because of how computers represent numbers — and EVERYTHING is a number, to a computer — that means that for each password character, there are 256 possibilities.
The way the math works, therefore, a four-character password has nearly 175 million possibilities. That sounds like a lot, but for the CPU in your typical Dell desktop nowadays, iterating through all of those takes hours if not minutes — certainly less than a full day. For just the digits 0-9, four characters is a mere 5,040 possibilities, which is why your credit card now has a special chip in it!
But a 5-character password has just over a trillion possibilities, and a 6-character password has over 265 trillion possibilities.
The longer your password is, the more possibilities there are for what it could be, and the harder computers have to work to figure it out. The rules about special characters and numbers are an approach that dates from when people still tried to break computer codes, ciphers, and passwords on their own, rather than using other computers for that. Length is all that still matters.
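The length-versus-character-set argument above can be checked with a short calculation. This is an added example, not part of the original letter. The alphabet sizes (26 lowercase letters, 95 printable ASCII characters, a 2,048-word list as in xkcd 936) and the guess rate are assumptions, and the figures hold only when every character or word is picked uniformly at random.

```python
import math

# Assumed alphabet sizes (not taken from the letter).
LOWERCASE = 26        # a-z only
PRINTABLE = 95        # letters, digits and 'special' characters
WORDLIST = 2048       # word-list size used in xkcd 936 (11 bits per word)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of this length, repeats allowed."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits, valid only for uniformly random selection."""
    return length * math.log2(alphabet_size)


def min_length_to_match(small: int, big: int, big_length: int) -> int:
    """Shortest length over the small alphabet whose keyspace is at
    least as large as big_length symbols drawn from the big alphabet."""
    target = keyspace(big, big_length)
    length, space = 0, 1
    while space < target:
        space *= small
        length += 1
    return length


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return space / guesses_per_second


if __name__ == "__main__":
    rate = 1e10  # assumed guesses per second, for illustration only
    policies = [
        ("8 random printable characters", PRINTABLE, 8),
        ("12 random lowercase letters", LOWERCASE, 12),
        ("4 random words", WORDLIST, 4),
        ("5 random words", WORDLIST, 5),
    ]
    for label, size, length in policies:
        days = seconds_to_exhaust(keyspace(size, length), rate) / 86400
        print(f"{label:32s} {entropy_bits(size, length):5.1f} bits "
              f"{days:12.2f} days to exhaust")
    print("lowercase length matching 8 printable:",
          min_length_to_match(LOWERCASE, PRINTABLE, 8))
```

Twelve lowercase letters already exceed eight characters drawn from the full printable set, while a word-based passphrase needs five random words, not four, to do the same.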