If someone were trying to get into your computer and they knew the password was comprised of six letters, what’s to stop them from trying every possible six-letter combination?
aaaaaa aaaaab aaaaac aaaaad…
…ZZZZZW ZZZZZX ZZZZZY ZZZZZZ
Somewhere along the way they will hit ‘daisyB’ and voilà!
This method of cracking a password is called a Brute Force Attack, and it’s the simplest, but most time-consuming attack that can be used against secure data.
The longer your password, the more protected you are from Brute Force Attacks. A five letter password using upper- and lowercase letters has 380 million possibilities. That might sound like a lot, but a fast computer could crack that in a few seconds! A nine character password, on the other hand, has 2.7 quadrillion possibilities and that would take even the fastest computer days to crack.
As computers get faster and faster, the length of time it takes to execute a Brute Force Attack gets smaller and smaller. In 1975 a password with 72 quadrillion possibilities seemed secure, since it took a $20 million supercomputer to guess it. By 1998, though, a machine that could crack it only cost $250,000!
Luckily, most services only give you ten or so tries before locking you out. Brute force attacks are generally only useful when you have total control over the system; hackers who steal databases or entire computers have plenty of time to sit around waiting until one clicks!
Cocktail Party Fact
There’s a new idea that it’s more secure to have a phrase as your password. It’s easier to remember “correct horse battery staple” than it is to remember “Tr0ub4dor&3” – and the longer phrase takes about 67,000 times longer to guess!