Protecting your online identity is crucial in the Information Age.  More often than not, this protection is afforded us by passwords, a necessary evil.  Strong passwords can be difficult to remember while easy-to-remember passwords can often lead to easy-to-compromise accounts.  However, there are options to circumvent this dichotomy.

Entropy.  What is it?  In regard to passwords, it’s simply a measure of how unpredictable a randomly generated password can be.  It’s measured in bits and calculated from the number of characters that could appear in each position along with the length of the password.  The value represents how many guesses it would take to crack the password.  For instance, a password with 32 bits of entropy would take 4,267,967,296 guesses (with each additional bit of entropy doubling the number of guesses), at most, to crack.  I say “at most” because it’s likely that the attacker would be able to compromise this particular password without exhausting all possibilities.

Even if we only need to try half of those guesses–2,133,983,648 to be exact–it would take approximately 25 days at 1,000 guesses per second (and about 49 days for the full 4,267,967,296). This doesn’t take into account any network latency or login attempt limitations, which could dramatically reduce the number of potential guesses per second.

Finally, entropy only applies to random passwords.  This doesn’t necessarily mean that it has to be a completely unintelligible string of characters, but higher entropy doesn’t mean much when measuring words in a dictionary…or your dog’s name.
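
The calculation described above, as an added example (not the Trademark Productions generator and not code from the original article): it draws a password from selectable character classes with Python's `secrets` module and reports its entropy as length × log2(alphabet size), plus the worst-case time to exhaust it at the 1,000 guesses per second used above. The character-class options and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes a generator might offer as options (assumed set, not the page's tool).
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def build_alphabet(options):
    """Concatenate the selected character classes into one alphabet."""
    if not options:
        raise ValueError("select at least one character class")
    return "".join(CHARSETS[name] for name in options)

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    if alphabet_size < 2 or length < 1:
        return 0.0
    return length * math.log2(alphabet_size)

def generate(length, options):
    """Draw each character independently from the OS CSPRNG via `secrets`."""
    alphabet = build_alphabet(options)
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    return password, entropy_bits(len(alphabet), length)

def days_to_exhaust(bits, guesses_per_second=1000):
    """Worst-case time to try every candidate at the given guess rate."""
    return (2 ** bits) / guesses_per_second / 86400

def length_for(target_bits, alphabet_size):
    """Shortest length whose entropy meets or exceeds target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

if __name__ == "__main__":
    for opts, n in [(["lower"], 8), (["lower", "upper", "digits"], 12),
                    (["lower", "upper", "digits", "symbols"], 16)]:
        pw, bits = generate(n, opts)
        print(f"{pw!r:22} {bits:6.1f} bits  {days_to_exhaust(bits):.3g} days at 1,000 guesses/s")
```

The figures hold only because every character is chosen uniformly at random; the same formula applied to a dictionary word or a pet's name overstates its strength.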

A password’s entropy is inversely proportional to its likelihood of successfully being guessed.  Unfortunately, high entropy passwords are often very difficult to memorize, so it’s a good thing password managers exist to help you with this particular issue.  These applications and services exist to maintain a vault of your passwords, all locked under a single password.  This allows you to have several truly random passwords for various sites and services without needing to memorize them.

The greatest drawback to this system is that if an attacker has your primary password, they have all of the keys to the kingdom.  This issue is best guarded against by implementing a particularly tough-to-guess primary password.  It may be difficult to remember, but the overall convenience it provides can be worth it.  Additionally, it’s only one password to remember, instead of several.  Want to learn more about password managers?  Take a look at some of the links at the end of this article.

Here at Trademark Productions, we’ve developed a simple password generator.  It utilizes a few options to customize the output, so you may tailor it to your needs.  In addition, it provides a simple entropy gauge to indicate the strength of the generated password.

Password Managers

  1. KeePass Password Safe (freeware)
  2. LastPass (freeware option)
  3. RoboForm (freeware)
