Why do I need a long password?

Security experts suggest that you create passwords with 8 or more characters.  Why does password length matter?  When a hacker attempts a bruce force attack, longer passwords make it more difficult.

The success of the brute force attack depends on two things.  1) password length and 2) number of possible characters that are being tested.

Let’s assume that a brute force attacker will use all lower case letters, all upper case letters, plus about fourteen common keyboard symbols.  That gives the attacker (26+26+14)=66 characters to work with.  A 1-character password has 66 different combinations.  While a 2-character password has 66*66 combinations or 4,356 combinations.  The table below continues the calculation.  The time to crack column is based on testing 250,000 passwords per second.

Characters Combinations Time to Crack
4 18,974,736  76 seconds
5 1,252,332,576 5009 seconds
6 82,653,950,016 4 days
7 5,455,160,701,056 253 days
8 360,040,606,269,696 46 years
9 23,762,680,013,799,900 3014 years
10 1,568,336,880,910,800,000 198,927 years

In summary, when it comes to password security, more characters are safer.