Password length vs average time to crack using Brute Force Hacking.

226

While length will certainly combat brute force attacks, a complex password will help against dictionary and other hybrid type attacks.

Using more character sets and not doing simple replacements (like leetspeek or common substitutions)

Ħ7P0 is stronger than h|p0 is stronger than Hypq0 is stronger than H1pp0 is a stronger than Hippo which is stronger than hippo

Common substitutions would be like @, , for A, !1|iIl for L etc. Avoid these wherever possible, but still use special characters.

Of course you still don’t want a 5 character long password, this is a simplified example.

You’re really best off with random strings that are long. Consider using a locally stored password manager for these.

Handmade Kombologia