Password Entropy: Often, out of ignorance or passivity, we neglect this simple safety mechanism. Nobody taught us how to use good passwords and we had to learn it ourselves. But we often overlook the keys behind a strong password.
We have so much information online that we don’t even realize how important the mechanisms are to protect us. The foundation of online privacy is the password and we tend to neglect it.
Some people choose very strong passwords that they then find difficult to remember. Others keep it simple and use the same password for all of their online accounts. There are alarming findings, such as the fact that the most used password in the world is “123456”.
Are your passwords safe? Today we will explain what is behind the term password entropy and how you can calculate the security of your passwords.
Development of the password
The security of passwords on the Internet is an issue that has grown more out of necessity than out of users’ enthusiasm. Most users started out with four digits or letters, much like the offline passwords they already knew, such as ATM PINs or cell phone codes.
Little by little, companies have pushed us to use more characters, mixing numbers with letters, upper and lower case, and special characters. In other words, as users we tend to be lazy: we want simple passwords that cost us less time. But these days that is just wishful thinking.
The craziest passwords are the most used ones
We work with a lot of passwords, and it’s easy to get caught up in the “who cares” mentality. But think of the data we have online and draw a simple parallel to the physical world.
Choosing a password so weak that it insults our intelligence is like replacing the deadbolt on the door with a piece of string. These passwords are, believe it or not, the most commonly used:
What is password entropy?
The word “entropy” is traditionally associated with thermodynamics and comes from the Greek “entropia” meaning “toward”. In the context of passwords, it is used as a measure of the randomness of a password.
The higher the entropy of a password, the harder it is to crack by guessing. It is measured in bits, and there is a mathematical formula for calculating it:
E = log2(R) * L
E stands for entropy, R is the number of characters available (the size of the character pool), and L is the length of the password. You can also find the entropy of the password by first raising the number of characters available (R) to the power of the number of characters in the password (L) and then taking the binary logarithm (log2) of the result: E = log2(R^L). Let’s see how this works in action:
Creating higher entropy passwords
Suppose you have a password that is six characters long and contains only lowercase letters, e.g. “puzzle”. The number of characters available is 26, which means that log2(R) is just over 4.7. Multiplying this by 6 (the length of the password) gives the entropy, which is 28.2 bits.
Let’s swap “puzzle” for “puzzLe”. This time we have an uppercase letter, which means that the number of characters available increases to 52 (26 lowercase and 26 uppercase). The binary logarithm of 52 is 5.7, and the entropy increases to 34.2 bits.
We now replace a few letters with a number and a special character, i.e. “pu>zL3”. If we collect all the letters of the alphabet (both lowercase and uppercase), add the numbers, and include the so-called special characters that are most common in passwords, we get 94 possible characters. The binary logarithm of 94 is about 6.6, which means the entropy of a password like “pu>zL3” is 39.6 bits.
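The calculation above, carried out in code for all three passwords, as an added example that is not part of the original article. It assumes the 94-character pool is made up of the 26 lowercase letters, 26 uppercase letters, 10 digits and the 32 punctuation characters of Python’s `string.punctuation`; the pool is chosen from the character classes that actually appear in the password, which is how most audit tools estimate R. Two things the article’s rounding hides: multiplied at full precision, “pu>zL3” comes to 39.3 bits (the 39.6 above comes from rounding log2(94) up to 6.6 first), and the formula treats every character as if it were drawn at random, so it is an upper bound; a dictionary word such as “puzzle” falls to a word-list attack long before its 28 bits would suggest.

```python
import math
import string

# Character classes and their sizes. Together they form the 94-character pool
# the article uses (26 + 26 + 10 + 32). The special-character set is an
# assumption: string.punctuation, the 32 printable ASCII symbols.
CLASSES = {
    "lowercase": frozenset(string.ascii_lowercase),  # 26
    "uppercase": frozenset(string.ascii_uppercase),  # 26
    "digits": frozenset(string.digits),              # 10
    "special": frozenset(string.punctuation),        # 32
}


def pool_size(password: str) -> int:
    """R: size of the alphabet an attacker must assume, given which classes appear.

    Any character outside all four classes (e.g. a non-ASCII letter) is counted
    individually, so it still enlarges the pool rather than being ignored.
    """
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    unknown = {c for c in password if not any(c in chars for chars in CLASSES.values())}
    return size + len(unknown)


def entropy_bits(password: str) -> float:
    """E = log2(R) * L, the form the article gives first."""
    r, length = pool_size(password), len(password)
    if r == 0 or length == 0:
        return 0.0
    return math.log2(r) * length


def entropy_bits_via_power(password: str) -> float:
    """E = log2(R ** L), the article's second form.

    R ** L is computed as an exact Python integer, so this stays correct even
    for long passwords where a float would overflow.
    """
    r, length = pool_size(password), len(password)
    if r == 0 or length == 0:
        return 0.0
    return math.log2(r ** length)


def search_space(password: str) -> int:
    """Number of candidates an exhaustive search must try in the worst case: R ** L."""
    r, length = pool_size(password), len(password)
    return r ** length if r and length else 0


if __name__ == "__main__":
    # The three passwords from the article, in the order they are discussed.
    for pw in ("puzzle", "puzzLe", "pu>zL3"):
        print(
            f"{pw!r}: R={pool_size(pw)}, L={len(pw)}, "
            f"E={entropy_bits(pw):.1f} bits, search space={search_space(pw):,}"
        )
```

Note that both functions give the same number; the difference is only how the arithmetic is arranged. For a quick risk estimate, the search space is what matters: an attacker who can test guesses at a known rate needs at most `search_space(pw)` attempts, and on average half that.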
If the calculation is too complicated for you, you can simply use a password manager or an audit tool and have it calculate the entropy of the password for you.
Change your passwords from time to time
Security breaches happen from time to time, and some services only report them when it is already too late. There are more leaks than you think. It is therefore better to take action and protect yourself.
In addition, the many connections between different services and devices nowadays make our security even more vulnerable, and we often forget which permissions we have granted to whom.
If you change your password regularly, whether with the help of a professional provider that can generate high-entropy passwords for you or on your own, you are on the safe side. Would you rather take everything into your own hands? Then set yourself specific deadlines with notifications or alerts. Once a year, for example, is the official password change day!