# Passwords: So Important, Yet So Misused

The mathematics behind counting possible passwords is the theory of permutations. It had been some time since I had studied permutations, but reading the "Windows Server 2008 Security Guide" reminded me. The guide explains the importance of password length: a longer password creates a larger pool of passwords to guess. Let's review the permutation theory behind passwords.

We want a password that's very difficult to guess yet reasonably easy to remember. Let's start with a simplistic password, three letters long (English) and uppercase letters only. Because our password can repeat letters and combinations, we can express the potential number of passwords as 26 (the number of letters in the English alphabet) to the third power (26³). The result, 17,576 passwords, sounds like a lot of potential passwords, but today's very fast computers can blitz through those combinations in record time.

But what happens when we add a few letters to our password? Let's continue with those uppercase letters only, but let's make it a six-character password. That gives us 308,915,776 potential passwords, if my Windows calculator gets it right. Doubling the password length increases the number of potential passwords by a factor of over 17,000! Long passwords clearly are better than short ones.

Of course, those 308,915,776 passwords can be cracked more quickly if you're someone whose password is slightly guessable. Live in Chicago and use "DaBears" (your favorite football team's popular nickname) as your password? You're asking for a quick compromise of your account.
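
The following sketch is an added example, not code from the article or the guide it cites. It computes the brute-force pool for a password and then shows how a guessable password falls long before that pool is exhausted. The short guess list is constructed for illustration (only "DaBears" comes from the article), and the guess rate is an assumption.

```python
import string

# Constructed sample of "likely guesses" tried before brute force. Entries are
# made up for illustration, apart from "dabears", the article's own example.
COMMON_GUESSES = ["password", "letmein", "dabears", "chicago", "qwerty"]

# Assumed guess rate for the time estimate; not a figure from the article.
GUESSES_PER_SECOND = 1_000_000_000

CHAR_CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
                string.digits, string.punctuation]


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passwords of exactly `length` symbols, repetition allowed."""
    return alphabet_size ** length


def alphabet_size(password: str) -> int:
    """Combined size of the character classes the password draws from."""
    if any(all(ch not in c for c in CHAR_CLASSES) for ch in password):
        raise ValueError("character outside the modelled classes")
    return sum(len(c) for c in CHAR_CLASSES if any(ch in c for ch in password))


def worst_case_guesses(password: str) -> int:
    """Guesses needed when the common list is tried first, then brute force."""
    folded = password.lower()
    if folded in COMMON_GUESSES:
        # Position in the list; case variants count as one guess for simplicity.
        return COMMON_GUESSES.index(folded) + 1
    return len(COMMON_GUESSES) + keyspace(alphabet_size(password), len(password))


def audit(password: str) -> dict:
    """Compare the theoretical pool with the guesses an attacker really needs."""
    guesses = worst_case_guesses(password)
    return {"brute_force_keyspace": keyspace(alphabet_size(password), len(password)),
            "guesses_needed": guesses,
            "seconds_at_assumed_rate": guesses / GUESSES_PER_SECOND}


if __name__ == "__main__":
    for pw in ("ABC", "ABCDEF", "DaBears", "XQZKVT"):
        print(pw, audit(pw))
```

The gap between `brute_force_keyspace` and `guesses_needed` for "DaBears" is the point of the last paragraph: length only helps when the password is not already on a list of likely guesses.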