Websites or downloadable software could take the password that you're trying to test and add it to a wordlist.

A wordlist is a list of known and generally common passwords.

In other words, a wordlist keeps passwords like Susie1202 and Password12.

Hackers will run the password list against sites, hoping to get a match.

It's crucial to have a password that isn't on any such list.

These wordlists are surprisingly effective, as a lot of people use generic or common passwords.

Thankfully, you aren't on your own: there are some tools to help you, namely password security checkers.

These checkers are generally run by reliable cybersecurity companies.

Always be careful when using this type of tool, though: there is always some risk involved.

There are two main types of attack: brute force and dictionary.

Brute force attacks try all possible combinations of characters.

Given enough time this method would eventually crack every possible password.

Dictionary attacks use the aforementioned wordlists to make educated guesses at what passwords might be.

Wordlists are generally based off of known leaked passwords.

For instance, a word-mangling rule may try replacing an o with a 0 or adding a ! to the end of a word.

How length affects the strength of a password is pretty simple to understand.

For example, there are a lot more six-letter words than there are four-letter ones.

In fact, for every character added, the number of total possible combinations increases exponentially.

It's also not necessary.

The ideal is 10 characters or more; in almost all cases, that will be enough.

For example, a poem, song lyrics or the complete works of Shakespeare.

This is where uniqueness comes into play.

Uniqueness is hard to judge.

Some people try to make these passwords a bit more complicated by using Password1! but this is too predictable and is in most wordlists too.

To beat a wordlist-based attack you have to design a password that won't be known or thought of.
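An added example, not from the original article: a local check that undoes the mangling tricks described above (letter-to-digit swaps, digits or symbols appended to a word) before looking a password up in a wordlist, so the password never leaves your machine. The wordlist, the substitution table and the function names are assumptions made for illustration; the 10-character minimum is the article's figure.

```python
import re

# Constructed sample wordlist; a real check would load a leaked-password list.
WORDLIST = {"password", "susie", "letmein", "dragon", "monkey"}

# Assumed table that reverses common substitutions (for example 0 back to o).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_candidates(password):
    """Yield lowercase forms of the password with common mangling undone."""
    lowered = password.lower()
    # Drop digits and symbols appended to the end (Password1! -> password).
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    for form in (lowered, stripped):
        yield form
        yield form.translate(UNLEET)


def wordlist_match(password, wordlist=WORDLIST):
    """Return the wordlist entry the password reduces to, or None."""
    for candidate in base_candidates(password):
        if candidate in wordlist:
            return candidate
    return None


def audit(password, wordlist=WORDLIST, min_length=10):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    hit = wordlist_match(password, wordlist)
    if hit is not None:
        findings.append(f"mangled form of wordlist entry '{hit}'")
    return findings


if __name__ == "__main__":
    for pw in ("Password1!", "Susie1202", "P@ssw0rd!", "CorrectHorseBatteryStaple"):
        print(pw, "->", audit(pw) or "no findings")
```

Password1! passes the length rule yet still reduces to a wordlist entry, which is why length alone is not enough.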

A decent solution is to use a selection of words that don't mean anything together.

One example, popularised by the webcomic XKCD, is CorrectHorseBatteryStaple.

Even five things you have sitting on your desk right now would work!

As for complexity: it's a must. It's definitely one of the most important aspects of creating a password.

Changing letters to numbers and adding symbols can increase the complexity of your passwords.

Complexity is a good way to make passwords harder to guess, but it also makes them harder to remember.

It's all about finding a healthy balance.

The following examples are trustworthy sites.

The sites below are known to be reliable: