This repository has been archived by the owner on Oct 17, 2020. It is now read-only.

en | Tips | Long Passwords Are Good

luckyrat edited this page Jan 14, 2013 · 1 revision

Long passwords are usually more secure than short but complicated ones (aaaaaaaaaaaaaaaaa is an exception to this rule!)

OK, so "aaaaaaaaaaaaaaaaaaa" is an extreme example to make a point but it might surprise you to know that password length is actually more important than the complexity of the characters in the password. Websites often force you to use particular types of character in your password but if they instead forced a minimum length of about 13 characters the security for their users would be far higher.

There are a vast number of considerations to take into account when determining the strength of a password, including the method by which someone can attempt to work out your password. The simplest situation to imagine is when an attacker is able to test lots of different possible passwords until they find one that matches your password, so let's keep this little tip simple and consider only that scenario.

Think of a 7 character password: "e p&2Vq". That's got upper case letters, lower case letters, numbers and symbols in it, everything that you're told to include to make a password secure; its length is pretty much average and many websites encourage the use of passwords of around this length. Guess how long it will take to crack?

There are this many possible combinations of 7 character passwords: 7.06 x 10^13

Divide in half for the "average" number of tests required: 3.53 x 10^13

Apply a cheap consumer graphics card to the task of testing the passwords at a typical rate of 3 billion per second: 11,767 seconds

In other words:

3.3 hours

Not great!

Compare this to a password that's just a handful of characters longer but includes only letters: "aaaaaAAaaaaa". The search space is so much larger that it would take...

4.2 centuries

Hardly military level protection but it's clearly much better to add those extra characters than to have a short password with lots of different character types.
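The calculation above can be reproduced in a few lines. This is an added example, not part of the original wiki page or of KeeFox; it assumes the 95 printable ASCII characters as the full alphabet and counts every password up to the given length, which is what yields the 7.06 x 10^13 figure. The function names are hypothetical, and the guess rate is a parameter, so the two passwords are compared by search-space size rather than by absolute time.

```python
import string

# Character classes making up the 95 printable ASCII characters
# (26 lower + 26 upper + 10 digits + 33 symbols, space included).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    if any(not any(ch in c for c in CLASSES) for ch in password):
        raise ValueError("only printable ASCII is handled in this example")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Candidates an exhaustive search covers up to this length: sum of n**k."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def average_seconds(password, guesses_per_second):
    """Expected time when, on average, half the space is tried first."""
    return search_space(password) / 2 / guesses_per_second


def is_trivial_pattern(password):
    """True for one repeated character, the exception the page calls out.

    Such a password has a large search space on paper, but an attacker
    tries it early, so the brute-force estimate does not apply to it.
    """
    return len(set(password)) == 1


if __name__ == "__main__":
    RATE = 3e9  # guesses per second: the page's consumer graphics card figure
    short, longer = "e p&2Vq", "aaaaaAAaaaaa"
    print(f"{short!r}: {search_space(short):.3g} candidates, "
          f"{average_seconds(short, RATE) / 3600:.1f} hours on average")
    ratio = search_space(longer) / search_space(short)
    print(f"{longer!r}: search space {ratio:,.0f} times larger")
    print("trivial pattern:", is_trivial_pattern("a" * 19))
```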

So in summary, always use the longest possible password - KeeFox can remember it for you so you might as well make it complex too but if you have to sacrifice one or the other, always sacrifice extra character types before you sacrifice length.

As long as you allow KeeFox to generate secure passwords for you, there's not a huge need to understand more about password security but there is a huge amount more to learn so if you're interested this page is a good place to start - there's lots of explanation under the calculator and some good links to further resources at the end of the page.

If you're interested, "aaaaaaaaaaaaaaaaaaa" would take about 8.4 million centuries to crack... except for the fact it's such an obvious thing for an attacker to try early in their attack... and that it's now written on a page discussing how to make a secure password.

WARNING!

OLD INFORMATION

The information in this Wiki is out of date.

It is only of interest if you are using the old add-on called KeeFox in a very old (insecure) version of Firefox or other browsers based on the old Firefox XUL technology.

Read the manual for Kee and KeeBird instead.
