Sometimes, when I log in to my computer, my friends notice that it takes me a (relatively) lengthy amount of time to input my password.  They are quite surprised when I inform them that my password is over 20 characters long.  They want to know why I have such a long password and how I remember it.  It’s actually an easy password to remember, but is significantly more secure than any 10-character random password.

Nowadays, everyone has accounts on various websites.  And each of these accounts calls for a password, to ensure that your data stays private.  Many people use the same password for multiple sites, but that means that if that password is stolen, your safety has been compromised across all those websites.  My father enjoys the method of using six or seven random characters, but always has to write them down, which is not very safe.  So how do you ensure that your passwords are strong, but not so complicated that you’ll forget them?

First, it’s important to realize that, unless you have made powerful enemies, hackers aren’t looking for your password specifically.  Rather, they use standard techniques in an attempt to get many people’s passwords at once.

What most people think of when they think of hacking is using a backdoor or an exploit to get at your information.  These are weaknesses in the website’s security that allow hackers to access its data.  This data could be anything from the website’s programming to your personal information.  The Heartbleed bug that affected many websites a few years ago is an example of this.  In this case, the strength of your password means nothing, because the hacker will have already gotten it.  However, we usually don’t need to worry about this because most websites are security-conscious, and will frequently run security checks and update their internal security protocols.  You just need to pay attention to the news, and if a website you use gets hacked, change your login information as soon as possible.

Where a strong password mainly helps is when someone tries to guess your password by brute force.  By entering many different possible passwords, they attempt to find the correct one.  This tactic is almost never carried out manually; it is done by a computer program.  And, while computers can run through many different possibilities very quickly, this still takes time.  If you have a one-character password, there are about $75$ different possibilities.  But every new character you add multiplies the number of possibilities by $75$, so the total grows exponentially.  With two characters, there are $75^2$ or $5625$ different possibilities.  Three characters make it $75^3$ or $421875$ possibilities.  If a computer can run through one million possibilities a second, a password of 20 characters would take it over a quintillion years to go through all of them.  This means that a longer password is almost always better.  The length of time it takes to guess a password can be decreased, however, if the program begins by guessing common words and phrases.  Therefore, it is important to avoid using everyday words or personal information.
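
The arithmetic above, worked through as an added example (not part of the original post): it assumes a 75-symbol alphabet and a constructed five-word list, and compares the worst-case time to try every password of a given length with how early an everyday word falls when such words are tried first.

```python
import string

# Assumption: a 75-symbol alphabet matching the text's "about 75" figure
# (26 lowercase + 26 uppercase + 10 digits + 13 punctuation marks).
ALPHABET = (string.ascii_lowercase + string.ascii_uppercase
            + string.digits + "!@#$%^&*()-_+")
GUESSES_PER_SECOND = 1_000_000          # rate used in the text
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample of "everyday words" a guessing program would try first.
COMMON_WORDS = ["password", "letmein", "dragon", "sunshine", "qwerty"]

def keyspace(length, alphabet_size=len(ALPHABET)):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet_size ** length

def years_to_exhaust(length, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every password of exactly `length` characters."""
    return keyspace(length) / rate / SECONDS_PER_YEAR

def brute_force_rank(password, alphabet=ALPHABET):
    """1-based position of `password` when every string is tried
    shortest first, then in alphabet order."""
    n = len(alphabet)
    shorter = sum(n ** k for k in range(1, len(password)))
    offset = 0
    for ch in password:
        offset = offset * n + alphabet.index(ch)
    return shorter + offset + 1

def guesses_needed(password, wordlist=COMMON_WORDS):
    """Guesses needed when the common words are tried before exhaustive search."""
    if password in wordlist:
        return wordlist.index(password) + 1
    return len(wordlist) + brute_force_rank(password)

if __name__ == "__main__":
    for length in (1, 2, 3, 8, 12, 20):
        print(f"{length:>2} chars: {keyspace(length):.3e} possibilities, "
              f"{years_to_exhaust(length):.3e} years worst case")
    for pw in ("dragon", "xkqzvw"):
        print(f"{pw!r}: exhaustive position {brute_force_rank(pw):,}, "
              f"words-first position {guesses_needed(pw):,}")
```

Both sample passwords are six lowercase letters, so they sit in the same part of the exhaustive search; only the one that is an everyday word is found within the first handful of guesses.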