The Science of Password Entropy
For years, we were taught that a "strong" password had to be short and full of complex symbols. Modern math proves that length is far more powerful than character variety.
Password strength is measured in "bits of entropy." Adding a single character to the length (L) has an exponential impact compared to just adding more character types (R).
Hackers use GPUs that can test billions of combinations per second. Here is how different styles hold up against a modern brute-force attack:
| Type | Example | Length | Crack Time |
|---|---|---|---|
| Short/Complex | 4k#L!v9 | 7 | Instant |
| Human Pattern | Summer2024! | 11 | < 1 Day |
| Long Passphrase | blue-elephant-2026 | 18 | ~40,000 Years |
A "passphrase" is built from random words. Passphrases are incredibly long but much easier for humans to remember than strings like j%9!Lp#2.
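The effect of length (L) versus character variety (R) described above can be checked numerically. The following is an added example, not part of the original article; it assumes the standard estimate of L × log2(R) bits for symbols chosen uniformly at random, pool sizes of 26 (lowercase) and 95 (printable ASCII), and a 7,776-word list for passphrases.

```python
import math

# Assumed pool sizes (not from the article): lowercase letters, printable
# ASCII, and a 7,776-word diceware-style list for passphrases.
LOWERCASE, PRINTABLE_ASCII, WORDLIST = 26, 95, 7776


def entropy_bits(length: int, pool: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random from `pool`.

    Only valid for random selection; human patterns such as a season plus
    a year carry far less entropy than this estimate suggests.
    """
    if length < 0 or pool < 1:
        raise ValueError("length must be >= 0 and pool >= 1")
    return length * math.log2(pool)


def gain_from_extra_char(length: int, pool: int) -> float:
    """Bits gained by adding one more random character (L -> L + 1)."""
    return entropy_bits(length + 1, pool) - entropy_bits(length, pool)


def gain_from_extra_symbol(length: int, pool: int) -> float:
    """Bits gained by adding one more allowed symbol type (R -> R + 1)."""
    return entropy_bits(length, pool + 1) - entropy_bits(length, pool)


def equivalent_length(length: int, pool_from: int, pool_to: int) -> int:
    """Shortest length over `pool_to` at least as strong as the original."""
    if pool_to < 2:
        raise ValueError("pool_to must contain at least 2 symbols")
    return math.ceil(entropy_bits(length, pool_from) / math.log2(pool_to))


if __name__ == "__main__":
    L = 8
    print(f"{L} printable-ASCII chars: {entropy_bits(L, PRINTABLE_ASCII):.1f} bits")
    print(f"+1 character (R=26):      +{gain_from_extra_char(L, LOWERCASE):.2f} bits")
    print(f"+1 symbol type (R=26):    +{gain_from_extra_symbol(L, LOWERCASE):.2f} bits")
    print(f"lowercase length matching {L} complex chars: "
          f"{equivalent_length(L, PRINTABLE_ASCII, LOWERCASE)}")
    print(f"4 random words: {entropy_bits(4, WORDLIST):.1f} bits")
```

Each extra random character multiplies the search space by R, while each extra symbol type only multiplies it by ((R+1)/R)^L, which is why a few more characters outweigh a wider alphabet.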