# Password Strength, get familiar with it.

Version 1

Sometimes it becomes a real pain and massive headache when you must remember 20 different passwords for important things every single day, and having the very same one password for more than one account is a dangerous thing to do and a not-so recommendable practice. As well, if you have the idea that it's very unsafe to write them down somewhere, whether digitally or non-digitally, you and I think pretty much alike.

Nevertheless, it is something we must get used to somehow, and the methods we use to keep those passwords safe are not handy most of the times, right?

Anyway! This post attempts to compile and remind you the best practices in keeping out passwords secure, and dealing in between the vast number of services we daily log into and log out of.

Firstable, let's define what are the elements that make our password secure enough.

• length
• avoidance of dictionary words
• avoidance of relevant user information (first name, last name, birth date)
• avoidance of common patterns
• the combination of lower and uppercase letters, numbers and special characters.

The mixture of different character types makes up what’s called the “keyspace”. The keyspace can be computed through the formula CN, C being the number of possible characters and N being the length of the password. To determine the keyspace of the “oh, so common” example, ‘password’, we would use the above formula CN. This example uses only lowercase letters which would bring the C in the formula to 26, i.e. the number of all possible lowercase letters [a-z]. The exponent N is simply the length of the password ‘password’ which in this case equals 8. For our example, the formula turns out to be 268 or roughly 208 billion.

So this means that for an attacker to perform a brute force attack, like trying every single possibility in the keyspace, they would need to try roughly 208 billion possibilities. At first glance you may be thinking, “Oh, that sounds like a pretty secure number to me.” But in reality, it really isn’t.

There are many advanced programs and techniques that are used to speed up the password cracking process including: GPU based cracking, rainbow table assisted cracking, cloud based cracking, and statistical pattern assisted cracking. Using GPU base cracking, a single AMD Radeon HD 7970 can reach speeds of up to 8.2 billion passwords per second. [1] If an attacker were to use the brute force method he or she would crack our example “password” in just less than 26 seconds.