By adding non-alphabetic characters to passwords, you increase the number of unique permutations by a huge amount. More permutations means, of course, more time required for computers to find the correct permutation. If the password was both long enough (8 characters?), and complex (94 characters available), and randomized (i.e. not recognizable phrases) the number of permutations would be so great that even the most powerful computers (or arrays of computers) couldn’t solve the password within a practical period of time (like, more than a lifetime; given enough time, any computer tasked with this would eventually crack the password).
That approach, however, is/is becoming obsolete. Computers are increasingly powerful, where you now have desktop machines and networks that would leave early supercomputers in the dust. Given that, the current thinking is that *longer* passwords – even just alphabetic passwords – provide better security than shorter, complex passwords. In addition to the evolving need, we have tools (like password apps) that allow humans to manage long passwords (something that wasn’t available when we started widespread use of passwords). It’s probable that you’ll start seeing an increase in character min/max for passwords because of this (along with more two-factor authentication).
Of course… this is all moot with the advent of quantum computing.
Latest Answers