Keep it safe: Sharing with Surevine. Week 2 – Password complexity

This is the second instalment in a series of blogs we are publishing each week, all under the title “Keep it safe: Sharing with Surevine”.

Last week we introduced the series, with our theme of Passwords, and focussed on Password Storage.

Keeping the theme, but moving it on a step, this week we have…

Password Complexity

There is a cartoon that explains this for those of you with any understanding of maths:

XKCD password cartoon

If you don’t understand much maths, then: the longer a password is, the more time it takes to crack. EVEN IF it has no special characters in it.

So, a website that says passwords must be “between 8 and 12 characters with at least one number and one letter” is limiting the amount of time taken to hack the password to days/years, and leaving you with a password you’re not going to remember. Whereas, if they said “Type in your favourite film quote of more than 20 characters” you’d be straight in there with

“This is a .44 Magnum, the most powerful handgun in the world”

and all of a sudden, you’ve got a password that is going to take thousands of years for a computer to guess (even with weaker encryption types) and it doesn’t blow your head clean off remembering it.

Of course, if you use a password manager, then you only need to remember one password to get into the password manager. You should use a long (16+ characters) random password for websites and one longer, memorable password for the password manager itself.
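To put numbers on the length argument, here is an added example (not part of the original post) that compares the search space of the policies mentioned above. The guess rate, the alphabet sizes and the function names are assumptions made for illustration; the per-character figures are upper bounds that only hold when every character is chosen at random, so the last row counts a phrase by words, as the cartoon does.

```python
import math

# Assumed offline guessing rate in guesses per second. This is an assumption:
# the real rate depends on how the site stores passwords and on the hardware.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_space(alphabet_size, min_len, max_len):
    """Count every string of length min_len..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def random_words_space(wordlist_size, words):
    """Count phrases of `words` words picked at random from a word list."""
    return wordlist_size ** words


def bits(space):
    """Express a search space as bits of entropy."""
    return math.log2(space)


def years_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate at the assumed rate."""
    return space / rate / SECONDS_PER_YEAR


# Alphabet sizes: 62 = a-z, A-Z, 0-9; 27 = a-z plus space; 95 = printable ASCII.
POLICIES = [
    ("8-12 chars, letters and digits", search_space(62, 8, 12)),
    ("20 chars, lowercase and spaces", search_space(27, 20, 20)),
    ("16 random printable characters", search_space(95, 16, 16)),
    ("4 random words from a 2048-word list", random_words_space(2048, 4)),
]


def report():
    """Return (policy, bits, years) rows for each policy above."""
    return [(name, bits(s), years_to_exhaust(s)) for name, s in POLICIES]


if __name__ == "__main__":
    for name, b, years in report():
        print(f"{name:38s} {b:6.1f} bits  {years:10.3g} years")
```

Each extra character multiplies the search space by the alphabet size, which is why the 20-character lowercase row beats the 8 to 12 character mixed row despite the smaller alphabet.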

Tune in next week for one step beyond…