How to generate safe passwords?
What is a password and what makes it secure?
Passwords
Passwords are pieces of information used to validate access to a restricted space. Possessing and knowing the password verifies the authorization to grant access; access is denied to those who do not possess it or do not know it. Today a password is typically a sequence of characters that together constitute the information needed to validate a permission.
Security of a password
The security level of a password is determined by how difficult it is for an agent who does not know the password to determine it.
In an idealized setting where nothing is known about the source of the password, its statistical complexity alone determines its security, with the security level increasing with the password's length and linguistic complexity.
In the real world, however, the source can be identified, and determining a password becomes easier if the source is parameterizable: that is, if all the relationships that lead to the use of patterns (a preference, family, colors, important dates) can be identified, or if the whole password or its component elements can be obtained directly from the source by trickery.
From these observations it follows that the security of a password is determined by two things: the absence of parameterizable relations to its source, and the length and linguistic complexity of the password. These considerations make a password generator an indispensable tool for producing secure pieces of information to be used as passwords.
Considerations when using a password generator
When generating a password with a generator such as PassGeni that uses at least an alphabet of lowercase letters, uppercase letters and digits, keep in mind that cracking it by brute force (trying every possible combination) takes roughly the following amount of time:
| Length | PassGeni WITHOUT symbols | PassGeni WITH symbols |
|---|---|---|
| 7 | 1 hour | 2+ days |
| 8 | 20+ hours | 70+ days |
| 9 | 100+ days | 15+ years |
| 10 | 20+ years | 1800+ years |
| 11 | 1000+ years | 200 thousand years |
| 12 | 100 thousand years | 10 million years |
Important: these figures assume that an attacker can test many combinations successively and in parallel against a compromised source that protects passwords with MD5 hashing (NOT recommended and NOT part of current standards). They do not apply to direct attempts through a user interface provided by a web server, since the server may limit the number of attempts, increase the delay between attempts, or log the attack and its source in order to take preventive measures. The table is only an illustration of the importance of a password's complexity and length.
| Length | Using your device | Using the full capacity of the Bitcoin network |
Important: these figures assume a brute-force attack in which the attacker can test many combinations successively and in parallel against a compromised source that protects passwords with SHA-256 hashing. The Bitcoin network has the largest capacity in the world for executing the SHA-256 hash function; even so, cracking a 20-character password generated by PassGeni would take the Bitcoin network longer than the total estimated lifespan of life on planet Earth.
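The following Python script is an added example, not PassGeni's own code, showing the arithmetic behind the two tables above and behind the earlier claim that length and alphabet size determine a password's statistical complexity. It generates a password from a cryptographically secure random source, computes its entropy in bits, and estimates the worst-case brute-force time for the page's two alphabets (62 characters without symbols, 94 with) at an assumed guess rate. The rates are assumptions: 1e9 guesses per second is chosen because it roughly reproduces the first table for unsalted MD5, and 5e20 hashes per second is an assumed order of magnitude for the Bitcoin network's SHA-256 capacity.

```python
import math
import secrets
import string

# Alphabets mirroring the page's two generator modes (62 and 94 characters).
ALPHABET_NO_SYMBOLS = string.ascii_letters + string.digits
ALPHABET_WITH_SYMBOLS = ALPHABET_NO_SYMBOLS + string.punctuation

# Assumed guess rates, constructed for this example and not measured:
# 1e9/s roughly reproduces the page's MD5 table for a single attacker;
# 5e20/s is an assumed order of magnitude for the Bitcoin network (SHA-256).
SINGLE_ATTACKER_MD5_PER_SEC = 1e9
BITCOIN_NETWORK_SHA256_PER_SEC = 5e20

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_password(length, alphabet=ALPHABET_WITH_SYMBOLS):
    """Draw each character uniformly from the alphabet using the OS CSPRNG.

    secrets.choice is used rather than random.choice because the latter is
    seeded predictably and is not suitable for secrets.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def brute_force_seconds(length, alphabet_size, guesses_per_second):
    """Worst-case seconds to exhaust the keyspace at a fixed guess rate.

    This models an offline attack on a stolen, fast-to-compute hash, as the
    page's tables do; the expected time is half of this figure.
    """
    return (alphabet_size ** length) / guesses_per_second


def format_duration(seconds):
    """Render seconds in the largest convenient unit, like the page's table."""
    units = [("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            value = seconds / size
            label = name if round(value) != 1 else name.rstrip("s")
            return f"{value:,.0f} {label}"
    return f"{seconds:.0f} seconds"


def crack_time_table(lengths, guesses_per_second):
    """Return {length: (without_symbols, with_symbols)} worst-case durations."""
    return {
        n: (
            format_duration(brute_force_seconds(n, len(ALPHABET_NO_SYMBOLS), guesses_per_second)),
            format_duration(brute_force_seconds(n, len(ALPHABET_WITH_SYMBOLS), guesses_per_second)),
        )
        for n in lengths
    }


if __name__ == "__main__":
    pw = generate_password(12)
    print(pw, f"({entropy_bits(len(pw), len(ALPHABET_WITH_SYMBOLS)):.1f} bits)")
    for n, (plain, symbols) in crack_time_table(range(7, 13), SINGLE_ATTACKER_MD5_PER_SEC).items():
        print(f"{n:>2}  {plain:>20}  {symbols:>20}")
    print("20 chars vs assumed Bitcoin network rate:",
          format_duration(brute_force_seconds(20, len(ALPHABET_WITH_SYMBOLS),
                                              BITCOIN_NETWORK_SHA256_PER_SEC)))
```

Changing the guess rate is the only way to move the rows, which is the point the page makes about storage: a slow, salted password hash lowers the attacker's rate by orders of magnitude, whereas unsalted MD5 or SHA-256 leaves only the password's length and alphabet as defenses.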
Finally, although generation is an important part, storage and the timing of use are also critical points that must be considered in order to achieve a higher degree of cybersecurity.