In our age of cyber war and cyber crime, it is critically important to select and use "good" passwords to protect user accounts. A well-known general rule says that passwords should contain a mix of letters, numbers, and special characters. In this paper I will show mathematically that this rule is a misbelief; instead, length is the attribute that matters significantly. I will then analyse the most common password structures and estimate the time required for brute-force attacks. (Un)fortunately, there are many password lists, originating from many intrusions and data thefts, available to analyse, and we have the incredible results of the latest brute-force experiments. On the basis of these calculations we can state that passwords can give us strong protection if we apply some simple rules, unless the password encoding algorithm of the operating system is too weak. It is worth the time and energy for mathematicians to develop stronger hash functions and for OS manufacturers to apply them, but this is not discussed here, nor is how password-using habits have changed.
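The length-versus-character-mix argument can be checked numerically. The sketch below is an added example, not code or figures from the paper; the 95-character printable-ASCII alphabet, the `ULLLLLDD` structure mask and the guess rate are assumptions chosen for illustration.

```python
import math

# Class sizes for printable ASCII; "S" counts the 33 non-alphanumeric
# printable characters (space included). Assumed alphabet, not the paper's.
CLASSES = {"L": 26, "U": 26, "D": 10, "S": 33}
FULL_MIX = sum(CLASSES.values())  # 95

def keyspace(alphabet_size, length):
    """Number of candidates of exactly `length` symbols, each chosen freely."""
    return alphabet_size ** length

def structure_keyspace(mask):
    """Candidates when every position is tied to one class, e.g. 'ULLLLLDD'."""
    return math.prod(CLASSES[c] for c in mask)

def equivalent_length(small_alphabet, big_alphabet, big_length):
    """Shortest length over the small alphabet that matches or exceeds the
    keyspace of `big_length` symbols over the big alphabet."""
    target = keyspace(big_alphabet, big_length)
    length = 1
    while keyspace(small_alphabet, length) < target:
        length += 1
    return length

def worst_case_days(candidates, guesses_per_second):
    """Time to enumerate every candidate at a constant guess rate."""
    return candidates / guesses_per_second / 86400

if __name__ == "__main__":
    RATE = 1e10  # assumed guesses per second, for illustration only
    cases = {
        "8 chars, full mix (95)": keyspace(FULL_MIX, 8),
        "8 chars, structure ULLLLLDD": structure_keyspace("ULLLLLDD"),
        "12 chars, lowercase only": keyspace(26, 12),
        "16 chars, lowercase only": keyspace(26, 16),
    }
    for label, n in cases.items():
        print(f"{label:30s} {math.log2(n):6.1f} bits "
              f"{worst_case_days(n, RATE):14.4g} days")
    print("lowercase length matching 8-char full mix:",
          equivalent_length(26, FULL_MIX, 8))
```

A password that nominally satisfies the "mix" rule but follows a predictable structure has a far smaller search space than the full-mix figure suggests, while four extra lowercase letters already exceed it.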
Citation
Keszthelyi, A. (2013). About passwords. Acta Polytechnica Hungarica, 10(6), 99–118. https://doi.org/10.12700/aph.10.06.2013.6.6