PassGeni

How to generate safe passwords?

What is a password and what makes it secure?

Passwords

Passwords are pieces of information used to validate access to a restricted space. Possessing and knowing one verifies the authorization to grant access, which is denied to those who do not possess it or do not know it. Currently, a password is a sequence of linguistic characters that together constitute the information necessary to validate that permission.

Security of a password

The security level of a password is established by the difficulty for an agent who does not know the password to successfully determine it.

In an idealized setting where nothing is known about the source of the password, statistical complexity determines its security: the security level is directly proportional to the length and linguistic complexity of the password.

In the real world, however, the source can be identified, and determining a password becomes less complex if the source is parameterizable. This means identifying the relationships that lead the source to favor certain patterns (preferences, family, colors, important dates), or using trickery to obtain the password, in whole or in part, directly from the source.

From the above observations, it can be deduced that the security of a password is established by the absence of parameterizable relations to the source, and by the length and linguistic complexity of the password. These considerations make a password generator an indispensable tool for producing secure pieces of information to be used as passwords.

Considerations when using a password generator

When generating a password with a generator such as PassGeni that uses at least an alphabet that includes lowercase characters, uppercase characters and numbers, keep in mind that cracking it by brute force (trying every possible combination) will take a certain amount of time:

Password Length vs. Time
Approximate time data for the determination of a password in a compromised authentication database with MD5 hash protection using a supercomputer
Length | PassGeni WITHOUT symbols | PassGeni WITH symbols
7      | 1 hour                   | 2+ days
8      | 20+ hours                | 70+ days
9      | 100+ days                | 15+ years
10     | 20+ years                | 1800+ years
11     | 1000+ years              | 200 thousand years
12     | 100 thousand years       | 10 million years

Important: This data assumes that several combinations can be tested successively and in parallel against a compromised source using MD5 hash protection (NOT recommended and NOT part of current standards). It cannot be applied to direct attempts through a user interface provided by a web server, as the latter may limit the number of attempts, increase the time between each combination, or record the attack and its source in order to take preventive measures. It is only an illustrative means to reiterate the importance of the complexity and length of a password.

Password Length vs. Time
Data calculated to achieve a 50% probability in determining a password generated through PassGeni in a compromised authentication database with SHA-256 hash protection
Length | Using your device | Using the full capacity of the Bitcoin network

Important: This data assumes a brute-force attack involving the ability to successively and in parallel try multiple combinations on a compromised source using SHA-256 hash protection. The Bitcoin network has the largest existing capacity in the world for executing hash functions with the SHA-256 algorithm; cracking a 20-character-long password generated by PassGeni would take the Bitcoin network longer than the total estimated lifespan of life on planet Earth.
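
The arithmetic behind tables like the two above, as an added example in Python (not PassGeni's own code): it draws a password from a cryptographically secure random source and estimates the time an exhaustive search needs to reach a 50% chance of success. The symbol set, the function names and both guess rates are assumptions made for illustration.

```python
import math
import secrets
import string

# Alphabets as described on the page; the exact symbol set is an assumption.
ALNUM = string.ascii_letters + string.digits      # 62 characters
WITH_SYMBOLS = ALNUM + string.punctuation         # 94 characters

UNITS = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]

def generate(length, alphabet=ALNUM):
    """Draw every character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def seconds_to_half(length, alphabet_size, guesses_per_second):
    """Seconds of exhaustive search until success probability reaches 50%.

    Trying k distinct candidates out of N equally likely ones succeeds with
    probability k/N, so a 50% chance needs N/2 guesses.
    """
    keyspace = alphabet_size ** length
    return keyspace / (2 * guesses_per_second)

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Constructed guess rates, not measurements of any real hardware or network.
    rates = {"single device": 10**9, "very large network": 10**20}
    print("sample password:", generate(20, WITH_SYMBOLS))
    for length in (8, 12, 16, 20):
        for label, size in (("no symbols", len(ALNUM)), ("symbols", len(WITH_SYMBOLS))):
            bits = entropy_bits(length, size)
            times = ", ".join(f"{who}: {humanize(seconds_to_half(length, size, r))}"
                              for who, r in rates.items())
            print(f"len {length:2d} {label:10s} {bits:6.1f} bits  {times}")
```

Each extra character multiplies the search time by the alphabet size, which is why the figures grow so quickly from one row to the next.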

Finally, although generation is an important part, storage and usage timing are also critical points that must be considered in order to achieve a higher degree of cybersecurity.

How to store passwords safely?
