Unique passwords also protect your other accounts in case one is ever compromised. Random passwords are unlikely to appear in any attacker’s dictionary, and give no such clues.įinally, unique passwords won’t appear in any database of stolen passwords, which password crackers often use as a starting point in their attacks. A password like “jack and jill went up the hill” may be long, but it is also a known phrase that attackers are likely to try as part of a dictionary attack, and if compromised, would give attackers a clue as to what your other passwords might be. Adding just four characters increases that time to three years. An 8-character password, for instance, would only take about three hours to crack by brute-force. Long passwords are stronger than short passwords because, as length increases, it takes exponentially longer for a modern computer to try every possible combination of characters, a technique called brute-forcing. Therefore the strongest passwords are long, random, and unique. A password’s strength is defined by how difficult it would be for an attacker to crack or guess.