Passwords are a part of everyone’s life these days. Most people have at least a few accounts that require them. Yet time and again, we hear about passwords being hacked or cracked and accounts being compromised. How do you know if your password is secure?

The old theory on password creation was to take a word or phrase and change a few characters, to end up with something like “P@s$w0rd”. This led to many hard to remember but ultimately insecure passwords. This operated under the faulty assumption that password cracking attempts were being done by a human guessing the character chain. However, this is simply not the case.

Password cracking is done by computer systems, typically by brute-forcing every possible combination. By adding a vector of complexity (such as symbols or numbers), the password becomes exponentially more difficult to guess. Increase the character count along with the vector count, and passwords go from easily cracked to near-impossible very quickly.

The below chart is from 2012, but it still illustrates the exponential nature of increasing complexity when creating a password. Source:

The time durations listed represent the average cracking array scenario working on a given password. Many systems now require password complexity of at least the second-to-right column. You can see that by using ten or more characters with this character variety generates a password that cannot reasonably be cracked within a lifetime. Using eight characters, just two fewer, results in a password that is functionally nearly 4000 times weaker than a ten-character equivalent.

Finally, because of the brute force nature of password cracking systems, there’s no need to create overly convoluted passwords. Using regular, easy to remember words is acceptable, as password cracking systems do not think in the same way human beings do. Something simple but of decent length and complexity will work fine. For example, the password “Oklahoma85#” would take 71,000 years to crack, based on the above chart.

Another useful tool for generating sufficiently complex passwords can be found here:  The WEB16 settings create complex but fairly simple to remember passwords, though you can change the settings and see the effective entropy of the passwords you create. The site will let you know the strength of your password based on current standards.

At Layered Systems, we take network security very seriously. If you’re concerned your business might be at risk, Contact Us to learn how we can help secure your business today.