So what makes a good password?
This is a common question we get asked particularly at the beginning of the month when many on campus are preparing to change their password when they come due for the annual password change required to maintain their Allegheny network account.
LITS defines a good password as one that:
- is of reasonable length (at least 14 characters)
- has some complexity
- is memorable
- is unique from other passwords
- is not easily found
- is changed at least once a year.
NoticeYour username and passwords are the keys to your digital life. It is in your best interest to use good passwords and have a unique password for each of your accounts.
Reasonable Length – Allegheny account passwords must be at least 14 characters long. We encourage them to be longer. The greater the length of a password the longer it will take for software to crack it.
For example: Consider the following estimates of how long it would take to crack a letter-only password:
- A seven-letter password is likely cracked in under a second.
- A nine-letter password is likely cracked in two minutes.
- A twelve-letter password would take roughly four weeks.
TipLength matters when it comes to passwords.
Complex – By adding complexity combining upper and lower case letters, numbers, and/or non-alphanumeric characters, the estimated time to crack increases exponentially.
For Example: consider what happens to the estimated time to crack a 12-character password when you do the following:
- Replace one letter with a number and four weeks jumps to four years.
- And then Capitalize one of the letters and now it takes 3,000 years.
- And then replace a letter with a special character and it would likely take 34,000 years.
If you add a special character (making it a 13-character password), you would be looking at three million years. Adding one more special character to make it the full fourteen raises the estimate to over 200 million years.
CommentAgain, length matters. Complexity matters too. Balancing complexity, length, and remember-ability is the key. If a password is long and complex, but you have to write it on a Post-it note stuck to your monitor or keyboard, its value is suspect. A memorable password is most important.
*estimates on time to crack come from How Secure Is My Password?