You were asked for a strong password while signup most of the mobile apps and websites. But how strong is strong?
Before make any conclusion, let's see what crackers, your opponents, will do with password. Crackers works in a very traditional way. They try your passoword one character by another.
Interesting and silly, right? But it was proved to be the most efficient way.
They will start from a short combination, like 'a', and then 'b' until 'z' is tested. Then they go to 'aa', and then 'ab' until 'az'. In this way, they start from 1 character long string and with 26 alphabets they try all the possible combiantions.
The problem is, they can not test all combinations of any length. For 1 character long password, their only 26 possibilities, for 2 characters long, there will be 26x26=676 combinations. For a 8 character long password, there will be 268=208billion combinations. It's a huge number, looks like impossible to try them all over.
You are so wrong!
A computer could go through all these 208 billion combination in only 5 seconds!
Supperised, computer is much powerful than our imagenation.
Maybe you already figure out a better solution, mix some uppercase letters into your password so that, for a 8 character long password, there will be (26+26)8=50,000billion combinations. How long it will take to go through all of them by computer?
About 22 minutes.
If you put numbers and symbols inot your 8 character long password, the time consuming would go up to 9 hours max.
Is it strong enough?
No, it's not, all the above time are supposed to be calculated by a single computer. But crackers usually has very large scale computing capability, which could reduce 9 hours into 1 second.
Then what should I do to have a strong password?
Both complexity and length of your password matter. A password of 15 characters long are recommended. It will consume 3400 years to get your password cracked. Sounds great!
Don't even try to generate a strong password by your randomly keystroking. It's not random and not strong because you have your patterns. Strong password generators like 10converters.com will definitly help you. We had a browser extensions as well, especially for some Chromium based browsers like Microsoft Edge and Brave, they don't have built-in password generator.
If your password is long enough and complex enough, it will be impossible to remember them. But don't worry. You are most probably using a Chrome, Microsoft Edge, Safari. All these 3 browers come with a built-in password management.
You don't have to remember your passwords all by yourself if your password were generated by password generator and you have a password management.
Even if your password is strong enough, you may try to reuse them for more than one websites and mobile apps. That's dangerous.
Reclaim or recycle password make your password weaker. Once the crackers get your password for one website, they will try it on all other platforms as much as they can.
For there're so many combinations of password, smart crackers will try combinations from a dictionary first. That's a shortcut of cracking, and many people falls into the trap.
Words in dictionary decrease security level of your password dramatically. You've already get a password management, why try to remember them by yourself by using dictionary words?
You may be forced to reset your password every 3 month by your IT department. But I must tell you it's bad practice at all.
You must experienced change your password from 'a-long-complex-password-1' to 'a-long-complex-password-2' when you were asked to reset password every 3 months. That forces you to create your password into a pattern which is easy to remember.
You guess what, easy to remember means easy to be cracked.
Yes, we said above, easy to remember normally falls into patter, and then easy to be cracked.
Any password could be hit by crackers in theory, after millions of millisons of retries. Multi-Factor Authentication(MFA) gives you another level of protection.