As we all know, English is the language of computer science. This has an impact on many things; one of them is character encoding. When the first systems were created, they included the English character set, which happens to be narrower than that of most languages. With time, they needed to include more characters to support more languages. This is how we went from ASCII, a 128-character “pond”, to Unicode, with more than 120,000 characters.
But, how does this link to password security?
Any password can be cracked sooner or later, but creating a secure password is important: the stronger your password is, the longer it will take to be cracked. Any “exotic” characters from languages other than English might improve the strength of your passwords.
The reason is that the bigger the “pond” where hackers have to search for the characters that form your password, the longer it will take them to guess it. Adding characters from different languages, such as French (ç), Spanish (ñ), German (ß), etc., can improve the strength of your password.
All this, combined with other characters such as numbers or punctuation marks, also increases your password’s security. As you can imagine, each new character increases the time it takes to crack the password. Therefore, longer passwords are more secure as long as they are made of random characters.
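An added example (not from the original post) that puts numbers on the “pond” argument above: it estimates the brute-force search space of a password from the character sets it draws on and from its length. The pond definitions, including the Latin-1 letter range, and the sample passwords are assumptions of this example.

```python
import math
import string
import unicodedata

# Character "ponds" a brute-force search must cover. The latin1 pond is the
# 62 accented Latin-1 letters (ç, ñ, ß, ...); choosing that range is an
# assumption of this example.
POOLS = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "punct": set(string.punctuation),
    "latin1": {chr(c) for c in range(0xC0, 0x100) if chr(c).isalpha()},
}


def normalize(password):
    # "ñ" can arrive as one code point or as "n" + combining tilde; NFC makes
    # both forms the same string so the character is counted once.
    return unicodedata.normalize("NFC", password)


def pool_size(password):
    """Number of characters an attacker must try per position."""
    used = set()
    for ch in normalize(password):
        name = next((n for n, chars in POOLS.items() if ch in chars), None)
        if name is None:
            raise ValueError(f"character {ch!r} is outside the modelled ponds")
        used.add(name)
    return sum(len(POOLS[n]) for n in used)


def brute_force_bits(password):
    """log2 of the search space; only meaningful for random characters."""
    text = normalize(password)
    if not text:
        return 0.0
    return len(text) * math.log2(pool_size(text))


if __name__ == "__main__":
    # Constructed sample passwords, not recommendations.
    for pw in ("abcdefgh", "abcdefgñ", "abcdefgn\u0303", "abcdefghijkl"):
        bits = brute_force_bits(pw)
        print(f"{normalize(pw):<14} pond={pool_size(pw):>3} bits={bits:5.1f}")
```

With these ponds, swapping one letter for ñ lifts an 8-character password from about 37.6 to about 51.7 bits, while twelve random lowercase letters reach about 56.4 bits. The figures are upper bounds that hold only for randomly chosen characters, not for dictionary words.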
Ok, but what if I cannot use “exotic” characters?
Yes, there are sites where non-ASCII characters cannot be used. In fact, nowadays they make up the majority. So, until we live in a Unicode-ideal world, there are also a few general rules you can follow if you want to have stronger passwords:
- Don’t use words, because they can be easily found in dictionaries. Some programs that are made to crack passwords include dictionaries so they can check whether your password includes any of the words in them. Of course, these dictionaries usually contain only one language, so the moment you include words from different languages you are increasing the number of combinations the program has to try to decrypt your password.
- Even using two or three dictionary words with only small modifications, like capitalizing or including numbers or “exotic” characters at the end, won’t create a secure password.
- There are many mistakes we can make when creating a password that can be easily avoided. One of them is creating emotional passwords (including names, dates of birth, etc.). The number of passwords that have an emotional bond with their owner is high. Hackers also know it, so every time we create a password with emotional content we make their work easier.
Too much hassle?
As explained in this previous blog post, you can also generate extra-strong new passwords and automatically log in to websites using a password manager like Sticky Password.
Will this all prevent my password from being cracked?
Yes and no. The majority of the “hacks” that happen today do not come from really advanced programmers or from people merely guessing, as you see in the movies. Most of the time they get passwords by tricking people into entering their personal information into a fake website or a malicious email, or by installing a keylogger virus on their computers. This kind of virus tracks what someone types and sends that information to the attacker.
Avira helps you prevent keylogger attacks, blocks malicious emails and warns you when you enter a malicious website.