Password Complexity - What Matters the Most?

The number of daily internet users is consistently increasing, which means the number of vulnerable passwords is increasing as well. As a result of users’ increased presence online, malicious attackers are looking to exploit the lack of complexity in user passwords.

When creating a new account on a website, streaming service, etc., you often see specific password requirements for length and character complexity (certain length, special characters, capitalization, etc.). While sometimes this can seem overbearing and annoying, it is important to understand that a complex password is often a more secure one.

To best explain how attackers look to exploit passwords, we have created a die scenario that we will walk through. Through this example, we will look at how the complexity and length of a “secret sequence”, can make it harder for a hacker to break into an account.

The setup begins by selecting a sequence that we must keep secret; this secret sequence will be our password. For our example, our secret sequence will be “2145”.

If you wanted to add more security to your number sequence, you would want to increase the length of the overall sequence and use more numbers than just 1-6. By making these easy and simple changes, you would increase the difficulty of guessing the secret sequence immensely.

Now let’s take this example and apply it to passwords. Hackers regularly perform an attack known as a “Brute Force”, where they are attempting to guess account passwords. Hackers can use computer programs to automate this attack so they can attempt thousands of passwords in just seconds. These brute force attacks can be carried out where an attacker has the program randomly guess characters and numbers in a sequence until they obtain access to the account.

Hackers frequently use a brute force method, known as a “Dictionary Attack”. This type of attack uses common words that one would find in a dictionary, to guess an account’s password. Hackers will include numbers and special characters with these words, so the chances of them guessing your password are increased.

So, how exactly does one protect themselves from a hacker guessing their password or obtaining the password from a brute force attack? Just like in our example, we can increase the complexity of our passwords. By making simple changes to increase the complexity of your account passwords, such as using longer passwords, with more complexity in the characters (i.e. special characters, numbers, and a mixture of lower case and capitalized letters), you can reduce the risk of your account’s password being guessed by a hacker. This will protect your personal, business, or sensitive information from being stolen by hackers.

Does your company have the right cybersecurity plan in place? Contact us for more information on how our customizable services may help protect your business.

Posted by Kyle Rauschelbach with additional contributors Mike Harber, Brendan Kenney & Max Winterburn