How to generate secure passwords?
What is a password and what makes it secure?
Passwords
Passwords are pieces of information that validate access to a restricted space. Their possession and knowledge confirm authorization to grant access, denying it to those who do not have or know them. Currently, a password consists of a sequence of linguistic characters that together constitute the information necessary to validate a permit.
Security of a password
The security level of a password is determined by how difficult it is for an attacker to successfully crack it. In an imaginary space where there is no information about the source of the password, the statistical complexity determines its security, with the length and linguistic complexity being directly proportional to its security level.
In the real world, however, the source can be identified and thus the determination of a password becomes less complex if the source is parameterizable. This involves determining all the relationships that can trigger the use of patterns that result in a preference, family, colors, important dates, or, by trickery, obtaining directly from the source the whole or component elements that determine the password.
From the above observations, it can be deduced that password security is determined by: the absence of parameterizable relationships with the source and the password's length and linguistic complexity. These considerations make a password generator an indispensable tool for producing secure pieces of information to be used as passwords.
Considerations when using a password generator
When generating a password with a generator such as PassGeni, which uses a character set including lowercase letters, uppercase letters, and numbers, keep in mind that cracking it by a brute-force attack (trying every possible combination) will take a certain amount of time:
Length | PassGeni WITHOUT symbols | PassGeni WITH symbols |
7 | 1 hour | 2+ days |
8 | 20+ hours | 70+ days |
9 | 100+ days | 15+ years |
10 | 20+ years | 1800+ years |
11 | 1000+ years | 200 thousand years |
12 | 100 thousand years | 10 million years |
Important: This data is based on successive and parallel tests of multiple combinations on a compromised source protected with MD5 hashing (not recommended and not compliant with current standards). It does not reflect direct attempts via a web server’s user interface, which may limit the number of attempts, increase the time between each try, or log the attack and its origin for preventive measures. It is purely illustrative to emphasize the importance of password complexity and length.
Length | Using your device | Using the full capacity of the Bitcoin network |
Important: These data assume a brute-force attack involving the ability to try multiple combinations successively and in parallel on a compromised source protected by SHA-256 hashing. The Bitcoin network has the largest existing capacity in the world for executing hash functions with the SHA-256 algorithm; using a 20-character password generated by PassGeni would take the Bitcoin network longer than the estimated time that life has existed on Earth.
Finally, although password generation is an important aspect, storage and the timing of its use are also critical factors to consider for achieving a higher level of cybersecurity.