The Passwords are regularly requested to access online services or ensure content protection and constitute more or less solid digital locks to protect personal and professional data which may arouse envy.
While it is absolutely necessary to avoid using overly used terms (123456, password, azerty…), the length of the password and the characters used are important.
The strength of the password will of course depend on what is to be stored behind, whether for protect personal information, access a more or less sensitive service or access your bank account, but significantly strengthening your security is not necessarily very complicated.
According to data from Security.org, with current computer brute force techniques for revealing passwords, any combination of 8 lowercase letters can be guessed immediately.
Adding a ninth will only take a few more minutes to discover the password. On the other hand, adding a simple uppercase letter in an 8-letter password is already a small difficulty.
And this complication becomes exponential if the password gets longer: if it only takes 22 minutes to crack an 8-letter password with a capital letter, it will take 1 month for a 10-letter password, 5 years. for a password of 11 letters and … 300 years if it has 12 letters.
Against brute force, the power of combinations
By adding at least one number and one symbol in addition to the capital letter, crack a password will quickly take months and years … if it is at least 10 characters long.
The explanation is simple: with 26 lowercase letters, the number of possible combinations is 209 billion. By adding the capital letters, this goes to 53.5 trillion.
With the additional numbers, the number of combinations reaches 218 trillion possibilities. And with the symbols, even taking into account only those displayed on keyboards, you have to explore 430 trillion combinations.
Hence the recommendations to use cash passwords at least 12 random characters (or even at least 16) without following or duplicating characters and unrelated to user information (birthday, name of children, dog, etc.).
Beware of information accessible on social networks! It can be a good way, with social engineering and phishing, to break a password very quickly without even going through brute force techniques.