Here is a mathematical problem: how long would it take a hacker to guess your password if it was ChOose#W!sely@*?
When you choose a password that has a certain length, L, with N possible choices of characters in each position, the password space that your combination belongs to is the product of possibilities: N multiplied by itself L times: N in power L, or N^L.
For example, let's look at a six-character password made of small letters:
L = 6, N = 26
26^6 = 308,915,776 possible choices
How long would it take a computer that spends 1 second testing a possible combination to guess such a password?
308,915,776 seconds = 5,148,596 minutes = 85,810 hours = 3,575 days = 9.8 years
However, this estimation of a computer's speed is way dated. The reality is much scarier. A modern computer can try more than 17 million choices per second. A six-character password made of small letters would be cracked in less than 20 seconds.
What can be done to make a password more difficult to guess? There are three options: making it longer, using more characters, or both.
For example, if we could use not only small letters, but also capital letters, digits 0-9 and special symbols, we would have a choice of 26 + 26 + 10 + 33 = 95 characters!
There are 15 characters in ChOose#W!sely@*, corresponding to 95^15 = 463,291,230,159,753,366,058,349,609,375 possible choices. That's 14,690,868,536,268,181,318,440 years before a modern computer would go through every option. That's more than the age of our universe. Feels safe to me!
But only until our computers get faster...
