What’s a Good Password?
Passwords are by far the most common tool used to verify your identity. WordPress uses a password to control access to your administrative panels and it’s important to pick a good password. Other sites are updated via an FTP account – still using a password. So, what constitutes a good password? Easy, one that is difficult to guess!
The first factor is the character set (the possible values that can be used for any password character). If we start by looking at numbers only (like a PIN) there are 10 possible values. If we include letters then there are 36 possible values. If we differentiate upper case from lower case then there are 62 possibilities.
The next factor is the length. For each additional character we require in the password, the number of possible combinations increases geometrically:
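| Password length | 10 (numbers only) | 36 (numbers and letters) | 62 (numbers, upper and lower case letters) |
| --- | --- | --- | --- |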
| 1 | 10 | 36 | 62 |
| 2 | 100 | 1,296 | 3,844 |
| 3 | 1,000 | 46,656 | 238,328 |
| 4 | 10,000 | 1,679,616 | 14,776,336 |
| 5 | 100,000 | 60,466,176 | 916,132,832 |
| 6 | 1,000,000 | 2,176,782,336 | 56,800,235,584 |
| 7 | 10,000,000 | 78,364,164,096 | 3,521,614,606,208 |
| 8 | 100,000,000 | 2,821,109,907,456 | 218,340,105,584,896 |
| 9 | 1,000,000,000 | 101,559,956,668,416 | 13,537,086,546,263,600 |
| 10 | 10,000,000,000 | 3,656,158,440,062,980 | 839,299,365,868,340,000 |
As you can see, if we include both upper and lower case letters and numbers there are 839,299,365,868,340,000 possible combinations if we have a password of 10 characters. Even a computer would take quite a long time to guess that password!
However, this assumes that all possible combinations of letters and numbers are random. People usually aren’t very random. Most of us use easy-to-remember words. So a common tactic is to take a dictionary and try all the words in it first. The Second Edition of the 20-volume Oxford English Dictionary contains full entries for 171,476 words in current use, and 47,156 obsolete words. If we add derivatives, we can round that out to about 250,000 unique words in English. That’s a lot less than 839,299,365,868,340,000! It’s also pretty easy and quick for a computer to run all 250,000 words to try to find your password.
That’s why most sites recommend a random combination of numbers and upper and lower case letters. It makes passwords much harder to guess.
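The gap between the table and the dictionary can be made concrete. The following Python sketch is an added example, not part of the original post: it scores a password by its guess space as described above and generates a random one over the same 62 symbols. The tiny word list is constructed, case is ignored when matching words (a simplification), and all function names are hypothetical.

```python
import math
import secrets
import string

# The page's 62-symbol alphabet: digits, lower-case and upper-case letters.
CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase)
ALPHABET = "".join(CLASSES)
DICTIONARY_SIZE = 250_000  # the page's rounded count of English words
# Constructed stand-in for a real word list (assumption for this example).
SAMPLE_WORDS = {"password", "dragon", "sunshine", "monkey", "welcome"}


def charset_size(password):
    """Count the symbols in every character class the password draws from."""
    if not password or any(c not in ALPHABET for c in password):
        raise ValueError("only non-empty passwords over the 62-symbol alphabet are modelled")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def guess_space(password, words=SAMPLE_WORDS):
    """Worst-case number of guesses: the dictionary if it is a word, else charset ** length."""
    if password.lower() in words:
        return DICTIONARY_SIZE  # a word-list pass finds it, whatever its length
    return charset_size(password) ** len(password)


def bits(password):
    """Guess space expressed as bits of entropy."""
    return math.log2(guess_space(password))


def generate(length=10):
    """Draw each character from a CSPRNG so all 62 ** length values are equally likely."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("1234", "abc123", "Sunshine", generate()):
        print(f"{pw!r:>14}  guesses <= {guess_space(pw):,}  (~{bits(pw):.1f} bits)")
```

An eight-letter dictionary word scores about 18 bits here, while ten random characters from the full alphabet score close to 60.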
Of course, it’s hard for people to remember all this random information. That’s why we use easy-to-guess passwords in the first place. Many of us use the same password for everything! This isn’t a good idea either, since once someone gets a password and ID combination they’ll try that same combination in many places. Each website should have its own unique password.
I’ve been using LastPass and have found it really helpful to keep track of all my passwords. LastPass stores and encrypts all my passwords and all I have to remember is one master password. My master password is very long (definitely over 10 characters!) and not at all related to a word in the dictionary. Yet it’s easy enough for me to remember this one password. LastPass is free and makes it easy to randomize your passwords throughout the net. Give it a try!
