Password strength: what makes a password strong?

Basically, the password strength depends on the number of possible combinations, which must be tried in order to guess (or crack) the password. For example, the standard 4-digit PIN codes are weak passwords, because there are only 10000 possible combinations. This is not a big problem for ATM machines because the PIN code is useless without the card and most ATM machines block when the password does not match more than 2-3 times. However, in many other cases it is possible to use automated password cracking tools, which can try thousands or even millions passwords per second, so any weak password will be cracked in a matter of seconds or minutes.

The number of possible combinations depends of the symbols, which are used in the password and the password length. See the table bellow for some estimates of the time for cracking of the passwords with different complexity on 4 typical computers. The first computer is a contemporary mid-level PC, which can test 1 million passwords per second. The second is a future computer 10 years from now, which will be able to test 65 million passwords per second. The third computer is contemporary mid-level supercomputer, which can test 1 billion passwords per second and the last is a future supercomputer 10 years from now, which will be able to test 65 billion passwords per second. Please note that these are approximate estimates and the actual password testing speed may be significantly faster or slower for different types of encryption algorithms.

NOTE: The numbers above are valid only if the symbols of the password are truly random. If the password symbols are not random, then the cracking times are drastically lower.

Download the free trial version of Mil Shield 9.0 4.34 MB - 5 sec with broadband

Random password generator: How to generate secure passwords

Why are the passwords important?	How to generate strong random passwords?