Why is a password with both numbers and letters stronger than one with only letters? Attackers will include numbers in their brute force attempts anyway, so how does it make a difference?


26 Answers

Anonymous 0 Comments

Counter question: why is “password” any less secure than any other 8-character password? If the attacker goes straight to attempting a brute force with all allowable characters, it’s just as secure as any other password. But an attacker is likely to try “password” along with any other commonly used passwords before attempting a brute force attack.

The same goes even for random passwords that can’t be cracked with a dictionary attack. If an attacker thinks there is any chance your password is only letters, they’ll try brute forcing only letter passwords before attempting to brute force alphanumeric passwords, before trying to brute force passwords with special characters. That first only letter attempt will execute much faster, so the password is less secure.

Edit: Guys, I’m aware that dictionary attacks exist. OP was asking about a brute force attack, and I was using “password” as a hyperbolic example for why some passwords are obviously less secure despite being equivalent under a raw brute force through the entire key space.
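The staged search order this answer describes can be put into numbers. The following is an added example, not part of the original answer: it assumes the attacker knows the password length, tries a common-password list first, and then exhausts each character set in turn; the `COMMON` list, the stage order and the function names are constructed for illustration.

```python
import string

# Constructed sample; a real audit would load a full common-password list.
COMMON = ["password", "123456", "qwerty", "letmein"]

# Search stages, cheapest first, as the answer describes (assumed order).
STAGES = [
    ("lowercase", string.ascii_lowercase),
    ("letters", string.ascii_letters),
    ("alphanumeric", string.ascii_letters + string.digits),
    ("printable", string.ascii_letters + string.digits + string.punctuation),
]

def first_covering_stage(password):
    """Name of the earliest stage whose search space contains the password."""
    if password in COMMON:
        return "dictionary"
    for name, charset in STAGES:
        if set(password) <= set(charset):
            return name
    return None  # contains characters outside every modelled stage

def worst_case_guesses(password):
    """Upper bound on guesses made by the time the covering stage is exhausted.

    Stages overlap (every lowercase string is also a letters string), so an
    attacker who skips repeats needs somewhat fewer guesses than this bound.
    """
    stage = first_covering_stage(password)
    if stage is None:
        return None
    total = len(COMMON)
    if stage == "dictionary":
        return total
    for name, charset in STAGES:
        total += len(charset) ** len(password)
        if name == stage:
            return total

if __name__ == "__main__":
    # Constructed 8-character samples: common word, letters only, one digit.
    for pw in ["password", "zqkvmwxh", "zqkvmwx7"]:
        print(pw, first_covering_stage(pw), worst_case_guesses(pw))
```

Swapping one letter of the 8-character lowercase sample for a digit moves it from the first brute-force stage to the third, which raises the bound from about 2.1 × 10^11 guesses to about 2.7 × 10^14.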
