'Strong' isn't a detailed password-rating; go for a quintillions possible combos, then add a symbol Security breaches of mind-numbing size like those at LinkedIn and EHarmony.com set crypto- and security geeks to chattering about weak passwords and lazy users and the importance of non-alphanumeric characters to security. And insisting on a particular number of characters in a password is just pointless security-fetish control freakishness, right? Nope. The number and type of characters make a big difference. [ Stupid security mistakes: Things you missed while doing the hard stuff ] How big? Adding a symbol eliminates the possibility of a straight dictionary attack (using, literally, words from a dictionary. Adding a symbol, especially an unusual one, makes it much harder to crack even using rainbow tables (collections of alphanumeric combinations, only some of which include symbols). How big a difference to length and character make? Look below and pick which password-cracking jobs you’d want to take on if you were a computer. The examples come from the Interactive Brute Force Password Search Space Calculator: at GRC.com, the love child of from former InfoWorld columnist and freeware contributor Steve Gibson How long would it take to crack my password: (Includes letters and numbers, no upper- or lower-case and no symbols) 6 characters: 2.25 billion possible combinations Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks. Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 0.0224 seconds Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 0.0000224 seconds 10 characters: 3.76 quadrillion possible combinations Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks. Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 10.45 hours Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 37.61 seconds. Add a symbol, make the crack several orders of magnitude more difficult: 6 characters: 7.6 trillion possible combinations Cracking online using web app hitting a target site with one thousand guesses per second: 2.4 centuries. Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 1.26 minutes Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 0.0756 seconds 10 characters: Possible combinations: 171.3 sextillion (171,269,557,687,901,638,419; 1.71 x 1020) Cracking online using web app hitting a target site with one thousand guesses per second: 54.46 million centuries. Cracking offline using high-powered servers or desktops (one hundred billion guesses/second) 54.46 years Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second: 2.83 weeks. Take Steve’s advice: go for 10 characters, then add a symbol. Related content analysis With three zero-days, it’s a patch-now Patch Tuesday for May This is one of those months where it’s important to roll out Microsoft’s latest round of fixes as soon as you can. By Greg Lambert May 17, 2024 9 mins Microsoft Windows 10 Windows Security opinion Review: The M4 iPad Pro — an amazing AI PC Light, thin, and indiscreetly powerful, Apple's new iPad Pro will be seen as more than just a tablet once Apple introduces genAI in iPadOS. By Jonny Evans May 17, 2024 11 mins iPad Apple iOS news Citrix parent mulls selling ShareFile amid streamlining efforts The disinvestment of ShareFile is seen as a strategic move by Cloud Software Group to refocus on its core competencies. By Gyana Swain May 17, 2024 3 mins Citrix Systems Collaboration Software news Google brings Gemini AI to the classroom Google is making its Gemini AI assistant available for Workspace for Education customers beginning on May 23. By Matthew Finnegan May 17, 2024 4 mins Education Industry Generative AI Google Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe