
What's a strong password?

Thomas Pedersen
posted this on May 16, 2010 10:49 pm

Time and time again, reports surface about how weak most people's passwords are. The passwords 123456 and password are still in the top 10. So just to make sure that everyone gets it, here is a brief guide to secure passwords.

Weak passwords

Only in very rare cases does someone actually guess your password. Most password attacks are done by software with sophisticated algorithms. Some classes of weak passwords are:

  • Dictionary words: automobile, cupcake, butterfly, atlanta, happiness. These passwords are easily hacked by computers since most dictionaries only have a few hundred thousand words. And most people only have an active vocabulary of a few thousand words.
  • Short words with numbers at the end: rose123, john999, good2001
  • Personal information: charlotte, 09031984. Names and personal information are easily hacked because there are few combinations.
  • Default passwords: admin, password, guest etc. Many products have default values that some people never change. As an example, it's hard to find a place in a city that doesn't have at least one unprotected WiFi hotspot called linksys.

Most of us know that these passwords are weak, but we also know how easily we forget, and that's the reason most people have weak passwords.

Strong passwords

A strong password is one that has high entropy, or randomness. Even a six-character password is not very strong if it consists only of lower-case letters, because there are only 26^6 = 308,915,776 combinations. And if the password is a dictionary word, there are only a few thousand combinations.

If you mix upper- and lower-case characters with digits and special characters, you now have 94 different possibilities per position, compared to 26 if you only used lower-case characters. The total number of combinations for six characters is now 94^6 = 689,869,781,056, which gives 2,000 times more combinations.

If we double the number of characters to 12, we now get 94^12 = 475,920,314,814,253,376,475,136 different combinations.
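The sketch below is an added example, not part of the original article: it estimates the search space of a password by first checking the weak classes listed earlier and only then falling back to the 26^n / 94^n arithmetic. The word lists are constructed samples, and the 300,000-word dictionary size and the one-century date range are assumptions.

```python
import math
import re
import string
from datetime import datetime

# Constructed sample data; a real checker would load full word and leak lists.
COMMON = {"123456", "password", "admin", "guest", "linksys"}
WORDS = {"automobile", "cupcake", "butterfly", "rose", "john", "good"}
WORDLIST_SIZE = 300_000  # assumed size of an attacker's dictionary
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]  # 26 + 26 + 10 + 32 = 94


def is_date(text):
    """True if text parses as an 8-digit DDMMYYYY or MMDDYYYY date."""
    for fmt in ("%d%m%Y", "%m%d%Y"):
        try:
            datetime.strptime(text, fmt)
            return True
        except ValueError:
            pass
    return False


def search_space(password):
    """Return (guesses, reason): upper bound on guesses to hit the password."""
    lower = password.lower()
    if lower in COMMON:
        return len(COMMON), "common or default password"
    if lower in WORDS:
        return WORDLIST_SIZE, "dictionary word"
    m = re.fullmatch(r"([a-z]+)(\d{1,4})", lower)
    if m and m.group(1) in WORDS:
        return WORDLIST_SIZE * 10 ** len(m.group(2)), "word plus digits"
    if len(password) == 8 and password.isdigit() and is_date(password):
        return 366 * 100, "date"  # assumed: any day within a century
    # Otherwise assume every position is drawn at random from the classes used.
    n = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return max(1, n ** len(password)), f"random over {n} symbols"


def entropy_bits(password):
    """Bits of entropy implied by the estimated search space."""
    return math.log2(search_space(password)[0])


if __name__ == "__main__":
    for pw in ("password", "cupcake", "rose123", "09031984", "abcdef", "aB3$xY"):
        print(pw, *search_space(pw), round(entropy_bits(pw), 1))
```

With the assumed 300,000-word dictionary, rose123 comes out at 300,000,000 guesses, about the same as a random six-letter lower-case password.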

Strong passwords are very hard to remember and are impractical to type, which is why you want to either use a secure password manager or eliminate the use of passwords as much as possible.