Secure passwords for you and your password manager
If you use a password manager, a strong master password is the be-all and end-all for the security of your data. However, there is often a lot of confusion about what actually constitutes a strong password.
How strong is my current password? And how strong is strong enough? There are no easy answers to these questions. In this article, however, we will try to clear up these questions.
If you're here looking for recommendations for a good password, you can skip straight to the "Choosing a truly secure password" section.
Where strong passwords are especially important
The strength of a password is not always important. Why? If, for example, your password is stolen in plain text via a phishing attack, your strong password is of no use at all.
It is much more important that your passwords are not reused for multiple services to reduce the damage from such attacks. Each web service should have its own unique password. If your credentials fall into the wrong hands, it would be beneficial if they cannot be reused to gain access to all your other accounts, for example through credential stuffing. And since it is impossible to keep hundreds of unique passwords in your head, the use of a password manager is inevitable and almost only logical.
However, this password manager becomes a single weak point and thus also a target for attackers. Especially when the data stored in the password manager is uploaded to the internet - be it to synchronise it between several devices or simply as a backup - there is always the danger that this data will be stolen.
Of course, any password manager provider will tell you that all your data is securely encrypted and that you are the only one who has the ability to decrypt it. Sometimes this is true, but often it is a lie. The truth is rather: anyone can decrypt your password data, provided they hold your master password or can simply guess it.
This one password must therefore be very difficult to guess. A secure password.
Oh, and despite the password manager, don't forget to activate multi-factor authentication (MFA) wherever possible.
How does guessing a password work?
Once someone has your encrypted data, guessing the password it was encrypted with is a fairly simple process. Figuratively, you can imagine it something like this.
[Diagram: how password guessing works, step by step. Copyright: w-vision AG]
Ideally, your password manager has made step 2 in the diagram above very slow. The usual recommendation is that the encryption should allow at most 1000 attempts per second on common hardware, which makes password guessing slow and expensive for the attacker.
However, the guesses are not made at random. Passwords that are unfortunately still popular, and therefore frequently chosen, such as "password1" or "Qwertz123", will be among the first to be tried. If such an easy-to-guess password is used, even slowing down the guessing process cannot prevent the data from being decrypted.
So the goal in choosing a secure password is not to cram in as many character classes (letters, numbers, special characters, etc.) as possible, nor to make the password look complex. Making it very long doesn't necessarily help either. What matters is that your particular password appears as far down as possible in the attacker's list of guesses.
The mathematics of password complexity
A popular starting point for password guessing is always passwords that are known from previous data leaks. As an example, people often refer to rockyou.txt: a list of 14 million passwords revealed in the RockYou data breach in 2009.
If your password is somewhere on this list, even at 1000 attempts per second, it will take at most 14,000 seconds (less than 4 hours) to find your password. That's not exactly a long time, and it already assumes that the provider of your password manager has done its homework.
Since we are talking about computers, the "right" way to express such large numbers is as powers of two. A password on the RockYou list thus has less than 24 bits of entropy, which means it will be found with certainty after 2^24 (16,777,216) attempts. Each bit of entropy (or information density) added to the password doubles the time needed to guess it.
Obviously, the RockYou passwords are too simple. Many of them would not even be accepted by a modern password manager as the main password. How about a line from a song? Shouldn't this already be difficult to guess because of its length?
Someone has calculated (and probably overestimated) the number of available song phrases at 15 billion, so we are talking about 34 bits of entropy at most. That would increase the time needed to guess the password to half a year.
Not bad, one might think. Who would spend half a year figuring out my password? Except that the song line you choose will not be at the end of the list. For one thing, you don't know all 30 million songs that exist. Ultimately, there are only a few thousand songs you would reasonably choose from, and your date of birth can help narrow it down further. Each song has only a few dozen phrases you could pick. If you're lucky, you'll get 20 bits of entropy this way: about 1 million tries, or 17 minutes at 1000 tries per second, to guess the password.
Estimating the complexity of a given password
It's hard to say how fast real password crackers can figure out a given password. However, you can look at all the patterns that went into a particular password and estimate how many bits they contribute to the result. Let's take a look at this XKCD comic:
An unusual base word selected from a dictionary of about 50,000 words contributes 16 bits. The capitalisation at the beginning of the word, on the other hand, contributes only one bit, because there are only two possibilities: upper case or lower case. Common substitutions and a few random characters appended to the word contribute a few more bits. The end result, however, is a rather unimpressive 28 bits, maybe a few more, since the scheme used to create the password also has to be guessed. So you end up with a password that looks complex but is not really strong.
The software zxcvbn-ts tries to automate this process. You can try it out on this website. Don't worry, the calculation runs entirely in the browser and your password is not uploaded anywhere. The guessesLog10 value in the result can be converted to bits with the following formula: divide by 3 and multiply by 10.
For "Tr0ub4dOr&3" it shows guessesLog10 as 6.7. Calculating 6.7 ÷ 3 × 10, and thus the complexity for this password, gives about 22 bits.
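The arithmetic these estimates rest on (guess count to bits, zxcvbn-ts guessesLog10 to bits, and bits to worst-case guessing time at a given rate), as an added Python example that is not part of the original article. The search-space sizes and guess rates are the ones quoted on this page, and the exact log2(10) factor is shown beside the article's divide-by-3-multiply-by-10 shortcut.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def bits_from_guesses(guesses: float) -> float:
    """Entropy in bits of a password found with certainty after `guesses` attempts."""
    return math.log2(guesses)

def bits_from_guesses_log10(guesses_log10: float, rule_of_thumb: bool = False) -> float:
    """Convert a zxcvbn-ts guessesLog10 value to bits: exactly, via log2(10) ~= 3.32,
    or with the article's shortcut (divide by 3, multiply by 10), which uses 3.33."""
    factor = 10 / 3 if rule_of_thumb else math.log2(10)
    return guesses_log10 * factor

def seconds_to_exhaust(bits: float, rate_per_second: float) -> float:
    """Worst case: all 2**bits candidates are tried at the given rate."""
    return 2 ** bits / rate_per_second

def years_to_exhaust(bits: float, rate_per_second: float) -> float:
    return seconds_to_exhaust(bits, rate_per_second) / SECONDS_PER_YEAR

def describe_duration(seconds: float) -> str:
    """Render a duration in the largest unit that fits, the way the article quotes them."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Search spaces and guess rates quoted in the article.
    cases = [
        ("RockYou list (14 million)", 14_000_000, 1_000),
        ("song phrases (15 billion)", 15e9, 1_000),
        ("realistic song line (2^20)", 2 ** 20, 1_000),
        ("4 Diceware words, weak key derivation", 7776 ** 4, 1_000_000),
        ("5 Diceware words, dedicated hardware", 7776 ** 5, 1_000_000_000),
    ]
    for name, guesses, rate in cases:
        bits = bits_from_guesses(guesses)
        worst = describe_duration(seconds_to_exhaust(bits, rate))
        print(f"{name}: {bits:.1f} bits, {worst} to exhaust")
    print(f"guessesLog10 6.7 -> {bits_from_guesses_log10(6.7):.1f} bits")
```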
The security of real passwords
So far, we have only seen approaches to creating passwords that max out at about 35 bits of entropy. In 2007, Microsoft published a large-scale study on passwords that came to an average (not maximum) password strength of 40 bits. However, as is known today, this study is methodologically flawed and vastly overestimates password strength. The researchers calculate password strength based on the character classes used. According to their method, "Password1!" is a perfect password that is a whopping 63 bits strong. The software zxcvbn-ts already recognises the same password as a leaked one and thus classifies it as insecure.
There is one more factor to consider: we are not particularly good at remembering complex passwords. A 2014 study concluded that people are able to remember passwords with 56 bits of entropy using a method the researchers called "spaced repetition". Even with this method, half of the participants needed more than 35 login attempts to learn the password.
Given this, it's safe to assume that most people actually choose much weaker passwords - passwords they can remember without a week's practice.
Choosing a truly secure password
As I mentioned earlier, we suck at choosing strong passwords. The only realistic way to get a strong password is to have it randomly generated.
However, we are also very bad at remembering gibberish made up of letters and numbers. This brings us to passphrases: Sequences of several random words that are much easier to remember at the same strength.
A typical way to create such a passphrase is Diceware. For example, you can use the EFF word list for five dice. Use either real dice or a website that rolls the dice for you.
Let's say the result is ⚄⚂⚀⚅⚀. You look up 53161 in the word list and get "rolled". This is the first word of your passphrase. Repeat the process to get the required number of words.
How many words, you ask? As a "normal person", you should aim for a password that takes a century to guess on common hardware. It's not impossible, but decrypting your passwords will cost too much to be worth it, even on future hardware. Even if your password manager doesn't protect you well and allows 1,000,000 attempts per second, a passphrase of four words (51 bits of entropy) should be sufficient.
But maybe you are a "valuable target". If you have access to a lot of money or other valuable secrets, someone might decide to dedicate more and faster hardware to you specifically. In this case, you should probably use at least five words (64 bits of entropy). Even at a much higher rate of 1,000,000,000 attempts per second, guessing your password would take 900 years.
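The Diceware procedure from this section carried through in code, as an added Python example that is not from the article or from the EFF: translating die faces into the five-digit key, rolling with a cryptographically secure generator, parsing a word list in the EFF file format, and computing the entropy of four and five words. The embedded four-entry word list is a constructed stand-in for the real 7776-entry list; only the 53161 -> rolled entry comes from the article.

```python
import math
import secrets

# Unicode die faces ⚀..⚅ (U+2680..U+2685) stand for the digits 1..6.
DIE_FACES = {chr(0x2680 + i): str(i + 1) for i in range(6)}
LIST_SIZE = 6 ** 5                    # 7776 entries in a five-dice word list
BITS_PER_WORD = math.log2(LIST_SIZE)  # about 12.9 bits per word

# Constructed stand-in for the EFF large word list in its file format (one
# "key<TAB>word" line per entry). A real list has all 7776 keys 11111..66666;
# "53161 rolled" is the lookup from the article, the other lines are made up.
SAMPLE_LIST_TEXT = "11111\tabacus\n24356\tcanyon\n53161\trolled\n66666\tzoom\n"

def parse_word_list(text: str) -> dict[str, str]:
    """Parse key<TAB>word lines into a dict, skipping blank lines."""
    entries = (line.split("\t", 1) for line in text.splitlines() if line.strip())
    return {key: word.strip() for key, word in entries}

def dice_to_key(faces: str) -> str:
    """Turn five die faces ("⚄⚂⚀⚅⚀") or digits ("53161") into the list key."""
    digits = [DIE_FACES.get(ch, ch) for ch in faces]
    if len(digits) != 5 or any(d not in "123456" for d in digits):
        raise ValueError(f"expected exactly five die faces, got {faces!r}")
    return "".join(digits)

def roll_key(randbelow=secrets.randbelow) -> str:
    """Roll five dice with the OS CSPRNG (never random.random for a passphrase)."""
    return "".join(str(randbelow(6) + 1) for _ in range(5))

def lookup_words(keys: list[str], word_list: dict[str, str]) -> list[str]:
    """Resolve each key to its word; refuse keys the list does not contain."""
    missing = [k for k in keys if k not in word_list]
    if missing:
        raise KeyError(f"keys not in word list: {missing}")
    return [word_list[k] for k in keys]

def passphrase_bits(word_count: int) -> float:
    """Entropy of word_count independently rolled words: n * log2(7776)."""
    return word_count * BITS_PER_WORD

def generate_passphrase(word_count: int, word_list: dict[str, str], randbelow=secrets.randbelow) -> str:
    """Roll word_count keys and join the looked-up words with spaces."""
    keys = [roll_key(randbelow) for _ in range(word_count)]
    return " ".join(lookup_words(keys, word_list))

if __name__ == "__main__":
    words = parse_word_list(SAMPLE_LIST_TEXT)
    print(dice_to_key("⚄⚂⚀⚅⚀"), "->", lookup_words([dice_to_key("⚄⚂⚀⚅⚀")], words))
    for n in (4, 5):
        print(f"{n} words: {passphrase_bits(n):.1f} bits")
```

With the full EFF list parsed in place of the sample text, generate_passphrase(5, words) yields a five-word passphrase straight from the OS random source.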