What does a longer password buy us? Or one with large and small letters?
Every type of character a password can have adds to the number of choices a hacker has to make in order to guess it. For example, if just capital letters were allowed, the hacker has 26 choices. Add small letters and it increases to 52. Numbers make it 62. And so on.
Length counts. Assuming the choices of characters for a password are large and small letters and digits (62 choices), a password of length one has 62 choices. Of length two, there are 62*62 or 3844 choices (versus 26*26 or 676 choices if we used only capital letters). Eight characters gives us 62 to the 8th power (62^8) or 218,340,105,584,896 choices. Yes, over 218 trillion choices. Only using capital letters gives us 26^8 or 208,827,064,576 or over 208 billion choices.
All this math assumes that each character choice in a password has an equal chance of being selected. Unfortunately, most passwords chosen are words out of a dictionary which makes it much easier for someone to guess it…but that’s another article.
