A hacker still has to try every combination when brute-forcing a password, don’t they? If my password was long enough why wouldn’t any type of characters be fine?
​
Best answer given by /r/danceswithsteers below: [https://xkcd.com/936/](https://xkcd.com/936/)
In: Mathematics
I think the ultimate answer to this is the fact that humans *prefer* letters to digits and symbols.
If a lot of humans prefer letters to digits and symbols, then a reasonable hacker will first try passwords with lots of letters in them, and few (maybe even none) digits and symbols.
Incidentally, it’s not just numbers and symbols. In theory, even using *unlikely letters* such as X or Q makes your password less brute forcable, because humans prefer common letters like E. **It really just depends on what everybody else is using for their passwords.**
A hacker is armed with the knowledge of what passwords *generally* look like. Your goal, ideally, is for your password to look as little like other passwords as possible. Having numbers and symbols in your password only makes it more secure because enough other people have neither numbers nor symbols in theirs. Your goal is to be *unique*.
Latest Answers