markngolf wrote:
That’s correct if only digits are used, but if letters are also used, the number of possible passcodes is much greater.
Mark 😃
There are a lot of good articles on how to generate good passwords or better yet, passphrases.
A good passphrase should be at LEAST a minimum of 16-18 characters consisting of numbers, upper and lower case letters, and ASCI characters. Simple rule - the longer, the better.
For example: $maryhadAlittlelamb9#
This has 21 characters with the ASCI characters $ and #,a number, and lower and uppercase letters. I checked this simple passphrase with several passphrase checkers and all estimated it would take many thousands of years to break. Most people use passwords or phrases with 8-9 characters. Even desktop computers can crack these in minutes using specialized cracking software.
This passphrase is easy for most to remember and is very secure due to its size. Despite what is seen in movies, passwords or phrases are NOT cracked character by character. Most passwords or passphrases are either stolen or deduced when weak passwords such as the owner's birthday, kid's names, address, or pet's name are used. Or even worse, 12345 or qwerty.
Cracking this passphrase will require the cracking software to use the brute force method, that is, to TRY every combination of letters, numbers and ASCI symbols until it gets the correct combination. And remember, the cracker does NOT know how many characters are in the passphrase so not only the characters themselves have to be correctly determined but the actual number of characters must be found. This all adds up to a LOT of computing time and power.
The goal in passwords or passphrases is to NOT be the low-hanging fruit. If it takes more than a few minutes to break into the normal person's account, the scammer or thief will move on. There are always people using simple and stupid passwords that can be cracked almost instantly. Do NOT be that person.