👨‍💻 Berkan's Blog

Complexity in Passwords is Crucial for Security

Published by Berkan K. on January 19

book 5 min read

In today’s world, picking a strong password is like choosing a really good lock for your online life. But even the best lock can be picked if someone tries hard enough. Let’s break down how to make that lock as tough as possible, why adding an extra layer of security is a smart move, and peek into the future of computer technology.

The Math Behind Passwords

When you create a password, the strength of that password which is its ability to resist being guessed or cracked is all about the numbers. Let’s use some simple math to see why.


Exponential Growth: Imagine you have a password that can only use numbers (0-9). If your password is one digit long, there are 10 possible passwords (0 through 9). If it’s two digits long, there are 100 possible passwords (00 through 99), and so on. Every time you add a digit, you multiply the number of possible passwords by 10. This is what we call exponential growth.


Now, replace those digits with letters, numbers, and symbols. Let’s say you have 70 possible characters to choose from. A 1-character password has 70 possibilities. But a 2-character password doesn’t just double the possibilities—it squares them (70x70). Add another character, and you cube the possibilities (70x70x70), making the password exponentially harder to crack with each additional character.


Adding Just One More Character: Adding just one extra character to your password can change the game. For instance, going from a 5-character to a 6-character password isn’t just a small step; it’s a giant leap in complexity. If a password has 70 possible characters, adding one more character jumps from 16,807,000,000 combinations to a staggering 1,176,490,000,000 combinations.

Real-World Application

Let’s say a hacker has a computer that can guess 100 billion combinations per second. A 5-character password might fall in minutes. But add just one more character to make it a 6-character password, and now we’re talking about hours or even days of non-stop guessing required. Add another character, making it 7 characters long, and suddenly it might take years. This shows the power of exponential growth in protecting your online identity.

Recently Released GPUs are Even Faster

In an impressive display of computing power, Kevin Mitnick, Colin M., and the KnowBe4 team assembled a rig composed of 24x NVIDIA RTX 4090 GPUs and 6x NVIDIA RTX 2080 GPUs, all orchestrated by Hashtopolis to distribute Hashcat tasks across multiple machines. This setup is a massive powerhouse for cracking passwords, showcasing the reality of what modern computing can achieve. Before jumping into the numbers for the rig, let’s look at the number for a single RTX 4090 GPU based on a benchmark from by Chick3nman.


The benchmark showed that he was able to get a throughput of around 288.5 GH/s NTLM. If you are familiar with GH/s, you’re probably already blown apart. For others, this number is equivalent to 288.5 BILLION hash computations per second. In case you are wondering about the size of the number, here it is: 288.500.000.000. Crazy right? It gets even scarier when we look into the previously mentioned rig.


The throughput for NTLM hash computations with the build skyrockets to an astonishing 7.25 trillion hashes per second (TH/s), while for MD5, a still widely used yet deprecated hashing algorithm, it reaches 4.16 TH/s. These numbers underline the immense brute force capability available to both good and bad actors today.

Why 2FA and YubiKey?

Even the strongest password can be compromised, which is why adding an extra layer, like 2FA is a great idea. A YubiKey, a physical device that you keep with you, acts as a super-secure key for this extra layer. It’s like mixing both a password and a physical key to unlock your online life, making it doubly hard for intruders to break in.

A Peek into the Future

Quantum computers are like supercharged computers from the future. They can solve problems in seconds that today’s computers would take thousands of years to crack. This includes breaking the codes we use to keep our information safe. While they’re not a big threat right now, they could make many of our current security methods obsolete. The technology is still emerging being a reminder that the digital security landscape is always evolving, urging us to stay ahead with the strongest protections we can make use of.

Steps to Fortify Your Digital Life

  1. Complex Passwords is Key: The longer and more complex, the better. Each character exponentially increases security. Aim at least for 12 characters or more. Remember mixing this with uppercase, lowercase, numbers and symbols.
  2. Embrace 2FA: Adding a physical element like a YubiKey means even if someone guesses your password, they still can’t get in without the key.
  3. Dont be Predictable: Avoid common patterns or words. The more unpredictable, the better.
  4. Phrases are Actually Good: Consider passphrases. A string of random, unrelated words can be a easy to recall but really hard to crack due to its length.
  5. Trust in a Vault: Everything I just mentioned can be quite hard to remember. That is why using a good password manager like 1Password can spare you the headache. Not only will a password manager remember your passwords for you, but they can also generate and remember complex passwords, again so you don’t have to.

By understanding the math and principles behind secure passwords, leveraging additional layers of security like 2FA and YubiKeys, and keeping an eye on future technologies, you can significantly strengthen your online identity. Remember, the stronger your lock, the safer your online life.

Author
profile
Hello, I'm a 23-year-old Software Engineer based in Denmark, specializing in Cybersecurity and
Fullstack Development.

Beyond programming, I enjoy sharing my journey and insights through writing, aiming to contribute to the tech community and inspire like-minded professionals.

Post Details Category