Why long passwords matter

When you create a password, you’re not just creating a way to log in to your email, bank, or social media. You’re creating a shield against an invisible enemy: hackers who try to break into your accounts using powerful software and techniques. But why does it matter how long your password is? Let’s break down how passwords are hacked, and why adding just a few extra characters makes your password exponentially stronger.

Most hackers don’t sit around guessing your password one letter at a time. Instead, they use automated tools to perform what is called a brute force attack. Here’s how it works:

1. The hacker runs software that systematically tries every possible combination of letters, numbers, and symbols until it finds the correct one.
2. The software checks billions or even trillions of combinations per second, depending on its power.
3. Short, simple passwords like “dog123” can be cracked in less than a second because the number of possible combinations is very small.

For example, if your password is just three lowercase letters (like “dog”), there are only 26 x 26 x 26 = 17,576 possible combinations. A computer can check all of these in the blink of an eye.

When you increase the length of your password, you exponentially increase the number of combinations a hacker has to try. Here’s why:

• If your password is 8 characters long, and you use only lowercase letters, there are 26⁸ (208 billion) combinations.
• If you add uppercase letters, numbers, and symbols, the possible combinations skyrocket. For example, with 95 possible characters (letters, numbers, symbols) and an 8-character password, there are 95⁸ = 6.6 quadrillion combinations.

But let’s look at a 12-character password with the same 95-character set:

95¹² = almost 475 septillion combinations.

That’s 475,000,000,000,000,000,000,000,000 possibilities. Even the fastest computers in the world would take millions of years to try every combination.

While length is the biggest factor, complexity also matters. Using only lowercase letters is easier to crack than mixing:

• Uppercase letters (A-Z)
• Lowercase letters (a-z)
• Numbers (0-9)
• Special characters (!@#$%^&*)

However, length is more powerful than complexity alone. A 15-character password using only lowercase letters is still stronger than an 8-character password with full complexity. Ideally, use both: long and complex.

• Use at least 12-16 characters…but 20 is better!
• Mix uppercase, lowercase, numbers, and symbols.
• Avoid real words, names, or common phrases.
• Consider using a passphrase: four or five random words strung together, like “CorrectBatteryHorseStaple!” (with additional symbols/numbers for complexity). This is easy to remember but extremely difficult to crack.

Final Thoughts

Hackers are getting faster and smarter. But by creating long, complex passwords, you force them into a losing game. Every extra character makes your password exponentially stronger – protecting your personal data, finances, and privacy.

Don’t make it easy for them. Make it impossible.