Complex Passwords for Complex Security
Posted on 27 May 2009 by
There are hundreds of ways to make your site or network more secure. These can involve expensive hardware, complicated software, and a LOT of research and time to develop and implement. What’s a low-cost way to beef up your security? Complex passwords! This is a great way for a smaller company to step up a notch in security, and it’s an easy way for a larger company to add one more roadblock for those malicious “black hats.”
What is a complex password?
Your standard user’s password may be their dog’s name, a birthday, or a random word. This is easy to remember, but it’s far from complex. It might take a brute force attack a matter of hours to run through all the combinations of letters to guess that magic word that lets him (or her!) in to wreak havoc.
What’s this brute force business?
A brute force attack tries to find a password by trying all the combinations of characters there are. There isn’t much finesse involved, but I suppose that’s why they call it “brute force.” As you can imagine, it takes a LONG time to try all those combinations.
Complex passwords incorporate more than the standard letters and numbers. As simple as it sounds, it’s much more effective than one might think. Adding non-standard characters can increase the amount of time needed to brute force a password exponentially.
Let’s take a look at the numbers…
Nuts and Bolts.
What kind of improvement can you get from using a complex password? Everyone always says complex passwords are great, but just how great are they? To find this out, you can use a handy thing called permutations. Wow, I guess statistics did come in handy!
Starting off with a standard 5 letter password, using ONLY the lowercase English alphabet (26 characters), there are 7,893,600 combinations of letters possible, from “aaaaa” to “zzzzz,” and everything in between.
Now you may say WOW, almost 8 million possibilities? Sounds pretty secure to me!
WRONG!
Think about how fast your computer is. 8 million attempts and it won’t even break a sweat. Let’s make this a little more complex and just add one letter for a 6 character password.
The result? 165,765,600.
Jumped quite a bit there, didn’t it? From 8 million to 165 million with just one character. At this point you may be wondering why you even need to bring in those silly non-alphanumeric symbols. Here’s why:
Using a 6 letter password, with the possibility of every character on a standard English keyboard (94 characters, a password like “5()Cc3R” for instance) there are a whopping 586,236,072,240 possible combinations!
586 billion combinations! Boy, that might even take a computer a while to try them all. I wish I had that many digits on my bank statement!
Now the only drawback with complex passwords is that they can be hard to remember, but there are a couple of things you can do to help resolve that issue.
Here are a couple of tips…
- Use character substitution. 3 instead of E, 4 instead of A, zero instead of o, | instead of l or I, etc…
- Use memorable finger movements, something you can easily remember. Try every other key, or a pattern on your keyboard.
- Try just moving off home row! Moving your fingers just one character up can give you a gibberish password with numbers that could be harder to guess.
- Make up a sentence with punctuation, like “I LOVE pie a LOT!” (I really do!)
- Find some combination of the above methods that works for you!
- DON’T WRITE IT DOWN!!! Regardless of how complex a password is, it’s simple when it’s on a sticky note.
Conclusion
You can see with the above examples why implementing complex passwords in your organization or on your website can be an easy and cost-effective security measure that can do a lot of good when it comes to protecting your electronic assets. Some of you might even have non-English keyboards with more characters than mine; think of the possibilities!
An additional note: if you want to figure out how many combinations exist for a given password length, just use the Excel function “permut,” as shown below…
=permut(<number of possible characters>, <length of password>)
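The counts above, as an added example (not code from the original post): Excel's PERMUT counts only passwords in which no character repeats, so it leaves out strings such as "aaaaa"; the full number of candidates for an alphabet of n characters and length k is n^k. The Python function names and the one-million-guesses-per-second rate are assumptions chosen for illustration.

```python
from itertools import product
from math import perm

def permut(n, k):
    """Excel PERMUT(n, k): ordered picks of k characters, none reused."""
    return perm(n, k)

def keyspace(n, k):
    """All length-k strings over n characters, repeats allowed ("aaaaa")."""
    return n ** k

def enumerate_counts(alphabet, k):
    """Count a small space by hand: (all strings, strings with no repeats)."""
    total = no_repeat = 0
    for candidate in product(alphabet, repeat=k):
        total += 1
        if len(set(candidate)) == k:
            no_repeat += 1
    return total, no_repeat

def seconds_to_exhaust(n, k, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace(n, k) / guesses_per_second

# Assumption for illustration only: one million guesses per second.
ASSUMED_RATE = 1_000_000

# (label, alphabet size, length) for the three cases worked in the post.
CASES = [("lowercase, 5 chars", 26, 5),
         ("lowercase, 6 chars", 26, 6),
         ("full keyboard, 6 chars", 94, 6)]

def report(rate=ASSUMED_RATE):
    return [(label, permut(n, k), keyspace(n, k),
             seconds_to_exhaust(n, k, rate)) for label, n, k in CASES]

if __name__ == "__main__":
    # Sanity check on a 4-letter alphabet: the formulas match enumeration.
    assert enumerate_counts("abcd", 3) == (keyspace(4, 3), permut(4, 3))
    for label, no_repeats, with_repeats, secs in report():
        print(f"{label:24} PERMUT={no_repeats:>15,} "
              f"n^k={with_repeats:>15,}  ~{secs:,.0f}s at assumed rate")
```

The PERMUT column reproduces the figures quoted in the post; the n^k column is the larger count once repeated characters are allowed.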
Have fun, and be safe and secure with complex passwords!