What your password tells about you.
According to experts, passwords will eventually go away and be replaced by biometric data, something else, or an easy-to-use combination of things. However, we are now stuck with using passwords. For the most part, I would argue that passwords, when used intelligently, are pretty good at being used to validate the identity of a user. However, that intelligent part is cumbersome. It is, ensuring that there is a unique password for each application and that there are long passwords, more than ten characters, and complex passwords using special characters, numbers, and upper and lower-case letters. The most important characteristic of good password hygiene is not using the same password for multiple accounts and having long passwords at the bare minimum. In the past, it was thought that changing your password every 90 days or so was a good idea, but that is cumbersome and, at best, serves no purpose other than to annoy users. The point is, what is the difference in password strength between equal passwords? Why make users replace like with like and expect a different outcome? As an example, you assign a difficulty-to-crack score to a ten-character complex password; let us say it is a level G. In the example, it takes 33k years, using current state-of-the-art computing systems, to crack a 10-character complex password (Download the 2024 Hive Systems Password Table ). For an 11-character complex password, it takes 3m years (Hive), and for that, you assign a level F. (Note that the time to crack a password is dependent on many factors. Nonetheless, this serves as a good example of why length is important.) The question is then, what is the difference between password 1 at level G, and password 2 at level G? Changing passwords for the sake of some time period is nonsense.
In an Applied Sciences article from January 2022, titled “Age and Gender Impact on Password Hygiene,” there is a timeless discussion on the difference in password construct. The authors investigated a hack and release of customer data, a total of 110,302 records with passwords, referenced to the users’ personnel and financial data. Meaning that age, gender, and other factors were associated with the password. In general, age is the biggest determining factor in judging password strength. There are slight differences in gender; the difference between male and female password strength is measured in the tenths of a percent, with strength being defined as complexity and length. Males in the 26-45 age range had the strongest passwords. Females, in general, had weaker passwords. An example is password length. All genders have longer passwords the younger they are; the average length for males 26 and under was above 5.9 characters, for females in the same age range, it was 5.8. The difference is slight, about a tenth. At the mid-range, 26-45 years old, the difference is greater with males at less than 6.1 characters, females about 5.7, four-tenths of a difference; at an older age over 45, males are at 5.8, and females less than 5.6. Again, these differences are slight; however, when dealing with counts of hundreds of thousands or millions of users, a tenth of a percent is a difference. This may be, in part, an educational issue as older users, aged 45 and older, of all genders, most likely did not grow up with risks associated with computing. As outlined above, the length of a password is one of the most important considerations in judging password strength; the other is complexity.
In regard to complexity, an interesting consideration is language; many non-English users will use English as their identifier, their email address, and as a password for authentication. In the study, which is based on a sample from a Lithuanian hack, the language breakout for words used was Lithuanian 83,256, and for English words, 81,093. For passwords, the breakout for words used was 1,530 Lithuanian, and for English words 3,044. Consequently, many password dictionaries are in English, and many password-breaking tools focus on English. Of course, there are the same hacking tools for every language: Mandarin, Japanese, German, etc. When it comes to complexity, for every language, there is a finite set of letters in their alphabet or character set; there is also a finite set of special characters. However, not all letters or characters are used with the same frequency, so the goal should be to use the most obscure characters or special characters. The lower-case letter “a” was used the most, with a frequency of 10.12%, followed by s, i, and the number 1, each following “a” with a descending frequency. Note that the special characters were used with the least frequency: the highest frequency was “.” used at 0.04 %, and the special character with the least frequency was “}” with a frequency of 0.0003 %. The objective of a password is to provide secure user authentication. However, in the study, many of the passwords were reused; in fact, some of the passwords were used by different users in the same study or were listed in a password dictionary. In the sample, 40% of the users had their passwords listed in previously leaked databases.
The elements of password strength remain length and complexity. In regard to complexity, the greater the obscurity of the character set, the better. The primary goal in building a password is to make it unique; this uniqueness reduces the probability it has been used before or that it is listed in some password dictionary. A recommendation for achieving uniqueness is to use the special characters that are never used, not the ones above the numbers on your keyboard. The others: {, }, <, ;, these are in the 0.0003 to 0.0008 range of use, meaning they are hardly used at all. The use of one of these obscure special characters will go a long way in ensuring that your password is the one that is the hardest to crack.

171 Comply
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.