by AVG Blogs

The P4ssw0rd Myth?

It’s nothing new that there are bad people out there on the internet who, given the chance, would steal your personal details and your banking details too.

The news is full of hacking these days, with companies, multinational organisations, governments and individuals on the receiving end of some pretty serious privacy breaches.

Obviously, most of us don’t have a say in government or company security policy, so it’s up to us to keep our own digital lives safe. While this can involve a number of steps, including both software and hardware, it often comes down to passwords.

Your password is your basic online defence, the key to much of your information. We at AVG and other security experts recommend that you use a different password for each site (or at least a few variations), limiting any damage were your password to be compromised. However, we understand that most people aren’t overly worried by hacking and multiple passwords can be difficult to remember.

Interestingly, randomly generated passwords have become all the rage over the last few years and we at AVG have recommended passwords with a mix of characters and symbols. Sometimes these come in the form of passwords that are generated completely at random such as PhuR7Tr$.

Of course, the difficulty comes in remembering these random passwords, and that’s before taking into account that, if you are a good citizen, you have a dozen or so of them for the various websites you use.

Maybe there is another way. Below is an episode of the famous webcomic xkcd which touches on this very subject.

This comic is saying that the password in the top frames, “Tr0ub4dor&3”, is easier for password cracking software to guess than “correcthorsebatterystaple”. And it is absolutely true that people make passwords hard to remember because they believe that makes them “safer”.

The important thing to take away from this comic is that longer passwords are better because each additional character adds much more time to the breaking of the password.

Steve Gibson from the Security Now podcast did a lot of work in this arena and found that this password “D0g…………………” is harder to break than this password “PrXyc.N(n4k77#L!eVdAfp9”. Steve Gibson makes this very clear in his password haystack reference guide and tester:

“Once an exhaustive password search begins, the most important factor is password length!”

That’s what xkcd is trying to get through here.  Complexity does not matter unless you have length in passwords.  Complexity is more difficult for humans to remember.  Length is not.
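
To put numbers on the length argument, here is an added example (not from the original post, and not Gibson's tester) that counts how many candidates an exhaustive search has to cover for the passwords mentioned above. It assumes the usual printable-ASCII class sizes (26 lowercase, 26 uppercase, 10 digits, 33 symbols including space) and reconstructs the padded password as "D0g" followed by 21 periods; it models exhaustive search only, not dictionary-based guessing.

```python
import math
import string

# Printable-ASCII character classes (95 characters in total).
CLASSES = {
    "lower": set(string.ascii_lowercase),       # 26
    "upper": set(string.ascii_uppercase),       # 26
    "digit": set(string.digits),                # 10
    "symbol": set(string.punctuation) | {" "},  # 32 punctuation + space = 33
}


def alphabet_size(password):
    """Alphabet an exhaustive search must cover: the sum of the classes used."""
    used = set(password)
    unknown = used - set().union(*CLASSES.values())
    if unknown:
        raise ValueError(f"outside printable ASCII: {sorted(unknown)}")
    return sum(len(chars) for chars in CLASSES.values() if used & chars)


def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))


def bits(password):
    """log2 of the search space, for easier comparison."""
    space = search_space(password)
    return math.log2(space) if space else 0.0


# The two pairs the article compares. PADDED is a reconstruction (assumption):
# "D0g" followed by 21 periods, 24 characters in all.
PADDED = "D0g" + "." * 21
SAMPLES = ["Tr0ub4dor&3", "correcthorsebatterystaple", PADDED, "PrXyc.N(n4k77#L!eVdAfp9"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:30} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"bits={bits(pw):6.1f}")
```

Both passwords in the second pair draw on the full 95-character alphabet, so the one extra character is the whole difference: the 24-character padded password has a search space 95 times larger than the 23-character random one.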