2 minute read
What Makes a Strong Password?
Natasha Johnson (PR U6)
The 21st century is ripe with technological advances and, with quarantine and lockdown, we have taken advantage of the technology available to us. With email, social media and UCAS Track accounts, the use of passwords to access information and lessons is vital in our virtual learning environment. But even with their integral role in our daily lives, how many of us take care to create strong passwords?
Sure, making your password ‘password’ is much easier to remember than making it ‘QuSxx9k*1zzZ3ki$9*9’, but there is a logical basis as to why some passwords are considered ‘stronger’ than others. Although easier to remember, a weak password can make your account significantly more vulnerable to attack – and we can use mathematics to understand why.
Consider a password consisting of six lower case letters. For each character, you have 26 options to choose from, so you have 26 options for your first letter, second and so on until the sixth letter. So we can multiply to find out the total number of possibilities. The part of mathematics we are involving is called combinatorics – or the mathematics of counting. This results with 26 26 26 26 26 26 (or 266) which is 308,915,776 possible passwords to choose from. This may seem like a lot, but let’s instead consider a password of length 10 characters, that can use both upper case and lower case letters as well as numbers. Now you have 26 upper case letters + 26 lower case letters + 10 digits to choose from for each character in the password, or 6210 possible passwords.
This is significantly more than the number of possible passwords in the first scenario. In fact, 6210 is nearly three billion times larger than 266. If it took a program performing a brute force attack (one where each possible password is considered) one second to scan through 266 possible passwords, it would take over 80 years to scan through 6210 possible passwords. This type of attack was at the centre of the infamous iCloud breach in 2019 that exposed hundreds of celebrities’ personal pictures and, although it works for the first situation, it’s not feasible for the second situation.
Here, the numbers 266 and 6210 are the size of the respective sets of possible passwords. It is the size of the sample spaces that determine whether a password is weak or strong. The more complex and longer a password is, the stronger it is.
Aha! You might say, deciding that the extremely long and complex password of ‘QuAntumElectrodyNamic$602207’ would work but, although long and with a mixture of lower case letters, upper case letters, digits and symbols, this type of password that involves closely related words is vulnerable to so called ‘dictionary attacks’.
As technology improves, it becomes easier to hack an account. As brute force attacks take less time to execute, a password becomes weaker with time, which is why you should make sure to change passwords regularly. A password deemed strong five years ago, may not be today.
The best passwords are strong, long and complex because of the size of their sets of possible passwords. However, you can have other good habits to maximise the security of your Netflix account. Regularly changing your password and using multi-factor authentication systems can help protect your account from attack but, with a weak password, the entire system is weakened.
