Password security

A password is a secret string of characters used to verify a user's identity and protect access to systems, accounts and data. Its security depends on length, character variety and unpredictability. The more entropy (measurable randomness) a password has, the more time and resources an attacker needs to guess it.

In today's digital age, the average person manages over 100 online accounts. The tendency to reuse passwords or choose easy-to-remember ones creates serious risks: the breach of a single service can compromise all accounts sharing the same password.

History & evolution

The first computer password was implemented at MIT in 1961 by Professor Fernando Corbató for the CTSS (Compatible Time-Sharing System). By 1962, the first password theft had already occurred when a researcher obtained the password file to gain extra machine time.

The need for complex passwords became urgent with the Morris Worm (1988), the first virus to exploit weak passwords to spread across the Internet. From the 2000s onward, massive database breaches revealed that most users chose extremely simple passwords, forcing services to impose minimum complexity requirements.

Today, modern standards recommend long passphrases rather than short complex words, password managers to maintain unique keys per service, and multi-factor authentication as an additional security layer.

Best practices

Properly protecting digital accounts requires applying proven cybersecurity principles:

Use long, unique passwords. A 16-character password takes millions of times longer to crack than an 8-character one. Use a different password for each service: if one is compromised, the rest remain protected.

Prioritise length over forced complexity. A passphrase like "correct horse battery staple" is far more secure and easier to remember than "P@ssw0rd!" because it has much more entropy.
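As an added worked example (not from the original article) of the entropy arithmetic behind the two passages above: the formulas for uniformly random passwords and passphrases, a rough, explicitly assumed model of why a mangled dictionary word such as "P@ssw0rd!" is cheap to guess, and a CSPRNG-based passphrase generator. The 1e10 guesses/s cracking rate, the 100,000-word attacker dictionary and the sample word list are assumptions, not figures from the article.

```python
import math
import secrets

# Constructed sample word list for the demo (a real Diceware list has 7776 words).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "candle",
                "orbit", "velvet", "lantern", "meadow", "pixel", "walnut"]
DICEWARE_SIZE = 7776            # size of the standard Diceware word list
PRINTABLE_ASCII = 94            # letters, digits and symbols on a US keyboard
ASSUMED_GUESSES_PER_SEC = 1e10  # assumed offline rate against a fast hash (not from the article)

def random_password_entropy_bits(length, alphabet_size):
    """Entropy of a password whose every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def passphrase_entropy_bits(words, wordlist_size=DICEWARE_SIZE):
    """Entropy of a passphrase of `words` words chosen uniformly from a word list."""
    return words * math.log2(wordlist_size)

def mangled_word_entropy_bits(dict_size, leet_positions, suffix_choices):
    """Rough model (an assumption, not a standard) of a dictionary word with optional
    capitalisation, leet substitutions (a -> @, o -> 0, ...) and one appended symbol,
    which is how "P@ssw0rd!" is built. An attacker only has to enumerate
    dict_size * 2 * 2**leet_positions * suffix_choices candidates."""
    candidates = dict_size * 2 * (2 ** leet_positions) * suffix_choices
    return math.log2(candidates)

def expected_crack_seconds(entropy_bits, guesses_per_second):
    """Average time to find the secret: half the keyspace at the given guess rate."""
    return (2.0 ** entropy_bits) / 2.0 / guesses_per_second

def generate_passphrase(wordlist, words=4, sep=" "):
    """Build a passphrase with the CSPRNG in `secrets`; the `random` module is not suitable."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def compare_schemes(rate=ASSUMED_GUESSES_PER_SEC):
    """Entropy (bits) and expected crack time (seconds) for the schemes discussed above."""
    schemes = {
        "P@ssw0rd!-style mangled word": mangled_word_entropy_bits(100_000, 4, 33),
        "8 random printable chars": random_password_entropy_bits(8, PRINTABLE_ASCII),
        "4-word Diceware passphrase": passphrase_entropy_bits(4),
        "16 random printable chars": random_password_entropy_bits(16, PRINTABLE_ASCII),
    }
    return {name: (bits, expected_crack_seconds(bits, rate)) for name, bits in schemes.items()}

if __name__ == "__main__":
    for name, (bits, seconds) in compare_schemes().items():
        print(f"{name:30s} {bits:6.1f} bits  ~{seconds:.3g} s to crack on average")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Note that a truly random 8-character password (about 52 bits) is not weaker than a 4-word passphrase (about 52 bits); the passphrase wins on memorability, while "P@ssw0rd!" loses because it is a predictable transformation of a dictionary word, not a random draw.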

Use a password manager. Tools like Bitwarden, 1Password or KeePass let you maintain hundreds of unique, strong passwords without having to remember them all.

Enable two-factor authentication (2FA). Even if someone obtains your password, 2FA blocks access without the second factor. It is widely considered the single security measure with the best cost-to-benefit ratio.

Use cases

Secure password management is critical in many contexts. On a personal level, protecting email, online banking and social media with unique, strong passwords prevents a single breach from having a domino effect. In a professional context, company policies require periodic password rotations and the use of corporate managers to control access to sensitive systems.

For developers and system administrators, generating high-entropy credentials for APIs, databases and servers is essential. Security audits regularly identify weak passwords as one of the most exploited attack vectors. The Have I Been Pwned portal records over 12 billion leaked credentials, illustrating the real scale of the problem.

Curiosities

  • "123456" has been the world's most used password for over 5 consecutive years. It can be cracked by brute force in under a second with modern hardware.
  • The password "ji32k7au4a83" is surprisingly common in Taiwan because on a phonetic Chinese keyboard (Zhuyin) it literally means "my password".
  • 1990s standards considered 6-character passwords secure. Today the recommended minimum is 16, and it grows each decade with increasing computational power.
  • Psychologist George Miller discovered in 1956 that humans reliably remember 7 ± 2 independent items — which is why password managers are essential for managing 100+ modern accounts.