PassGeni Home PagePassGeni

How to generate secure passwords?

What is a password and what makes it secure?

Passwords

Passwords are pieces of information that validate access to a restricted space. Their possession and knowledge confirm authorization to grant access, denying it to those who do not have or know them. Currently, a password consists of a sequence of linguistic characters that together constitute the information necessary to validate a permit.

Security of a password

The security level of a password is determined by how difficult it is for an attacker to successfully crack it. In an imaginary space where there is no information about the source of the password, the statistical complexity determines its security, with the length and linguistic complexity being directly proportional to its security level.

In the real world, however, the source can be identified and thus the determination of a password becomes less complex if the source is parameterizable. This involves determining all the relationships that can trigger the use of patterns that result in a preference, family, colors, important dates, or, by trickery, obtaining directly from the source the whole or component elements that determine the password.

From the above observations, it can be deduced that password security is determined by: the absence of parameterizable relationships with the source and the password's length and linguistic complexity. These considerations make a password generator an indispensable tool for producing secure pieces of information to be used as passwords.

Considerations when using a password generator

When generating a password with a generator such as PassGeni, which uses a character set including lowercase letters, uppercase letters, and numbers, keep in mind that cracking it by a brute-force attack (trying every possible combination) will take a certain amount of time:

Password length vs. time
Approximate time required to determine a password in a compromised authentication database protected with MD5 hash using a supercomputer
LengthPassGeni WITHOUT symbolsPassGeni WITH symbols
71 hour2+ days
820+ hours70+ days
9100+ days15+ years
1020+ years1800+ years
111000+ years200 thousand years
12100 thousand years10 million years

Important: This data is based on successive and parallel tests of multiple combinations on a compromised source protected with MD5 hashing (not recommended and not compliant with current standards). It does not reflect direct attempts via a web server’s user interface, which may limit the number of attempts, increase the time between each try, or log the attack and its origin for preventive measures. It is purely illustrative to emphasize the importance of password complexity and length.

Password Length vs. Time
Data calculated to achieve a 50% probability of determining a password generated by PassGeni from a compromised authentication database protected by SHA-256 hashing
LengthUsing your deviceUsing the full capacity of the Bitcoin network

Important: These data assume a brute-force attack involving the ability to try multiple combinations successively and in parallel on a compromised source protected by SHA-256 hashing. The Bitcoin network has the largest existing capacity in the world for executing hash functions with the SHA-256 algorithm; using a 20-character password generated by PassGeni would take the Bitcoin network longer than the estimated time that life has existed on Earth.

Finally, although password generation is an important aspect, storage and the timing of its use are also critical factors to consider for achieving a higher level of cybersecurity.

How to store passwords safely?

Copyright ©2025