Here are two passwords. Try to figure out which one is harder for a hacker to crack.
- First, one with a combination of letters and symbols: "%$#@(8ks98"
- Another starts with the word "dog," but with a capital "D," the numeral zero for the "o," and several periods after the "g": "D0g..........."
Believe it or not, the second is more difficult, and here's why.
"Making the password longer slows down their ability to figure out what the password is, and length matters more than complexity," says Steve Gibson, a computer-hacking expert.
Because every password is like a needle in a haystack, Gibson came up with something he calls a "haystack calculator." It's a website that can show you immediately how easy or how hard it is to crack your password.
Unfortunately, people like to use simple passwords so they can remember them. The most common password is "123456." The word "password" is also near the top of the list, and so is the phrase "iloveyou." They are so common that hackers put them into a dictionary of passwords.
So Gibson says you need to make the haystack as big as possible to really hide the needle.
Gibson's calculator shows how longer passwords make the haystack bigger.
He demonstrates by adding one character at a time.
"We can see that the length of time required is increasing very quickly, to the point that in the worst case: 38 centuries," said Gibson.
That is how long it would take before the password is hacked. In other words, you don't have to make the password so complicated that you can't remember it. Just add more characters.
"And it doesn't matter what they are. They could just be colons. Or come up with something like your own personal secret, and you add that to your password and it makes it vastly stronger," said Gibson.
But the safest passwords will have:
- At least one letter in upper case
- At least one letter in lower case
- At least one digit
- At least one symbol
- A length of 12 characters, which is optimum
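
The haystack idea described above, as an added example (not code from the article or from Gibson's calculator): it sizes the search space as every candidate up to the password's length over the character classes the password uses, and treats the dictionary passwords the article names as found immediately. The class sizes (printable ASCII) and the guess rate are assumptions made for illustration.

```python
import string

# Assumed class sizes over printable ASCII: 26 + 26 + 10 + 33 (punctuation plus space).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

# The three common passwords the article names; a real cracking dictionary is far longer.
COMMON = {"123456", "password", "iloveyou"}

# Assumed guess rate, for illustration only (not a figure from the article).
GUESSES_PER_SECOND = 100_000_000_000


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values() if chars & set(password))


def search_space(password):
    """Count all candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password):
    """Dictionary hits fall immediately; otherwise the whole haystack is searched."""
    if password.lower() in COMMON:
        return 0.0
    return search_space(password) / GUESSES_PER_SECOND


if __name__ == "__main__":
    # The two passwords from the article, plus one dictionary entry for contrast.
    for pw in ["%$#@(8ks98", "D0g...........", "iloveyou"]:
        years = worst_case_seconds(pw) / (365.25 * 24 * 3600)
        print(f"{pw!r}: length={len(pw)} alphabet={alphabet_size(pw)} "
              f"space={search_space(pw):.2e} worst case={years:.2e} years")
```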