Password Strength Examples: Understanding Entropy in Real Passwords

📚 Quick Study Guide

• 🔑 Password Strength: Refers to the difficulty for an unauthorized person to guess or crack a password.
• 🔢 Entropy: A measure of the unpredictability of a password, usually measured in bits. Higher entropy means a stronger password.
• 🧮 Entropy Calculation: Entropy can be estimated using the formula: $E = L \cdot \log_2(C)$, where $E$ is entropy (in bits), $L$ is the length of the password, and $C$ is the size of the character set used.
• 🛡️ Character Set: Includes lowercase letters, uppercase letters, numbers, and symbols. Increasing the character set size significantly increases entropy.
• 📏 Password Length: Longer passwords are generally more secure because they increase the possible combinations.
• 💡 Best Practices: Use a mix of uppercase and lowercase letters, numbers, and symbols. Avoid common words, names, and dates.
• 🚫 Weak Password Examples: 'password', '123456', 'qwerty' have very low entropy and are easily cracked.

🧪 Practice Quiz

1. Which of the following passwords likely has the HIGHEST entropy?

   1. password123
   2. P@sswOrd!23
   3. MyBirthdate1990
   4. abcdefgh

2. What does 'entropy' measure in the context of password security?

   1. The length of the password.
   2. The number of symbols in the password.
   3. The unpredictability of the password.
   4. The user's login history.

3. Which of the following is a good practice for creating a strong password?

   1. Using your pet's name.
   2. Reusing the same password for multiple accounts.
   3. Using a mix of uppercase and lowercase letters, numbers, and symbols.
   4. Using only lowercase letters.

4. According to the entropy formula $E = L \cdot \log_2(C)$, what does 'L' represent?

   1. The logarithm of the character set size.
   2. The length of the password.
   3. The entropy value.
   4. The character set size.

5. Why is '123456' considered a weak password?

   1. It's too long.
   2. It's a common and easily guessed sequence.
   3. It contains only numbers.
   4. It has high entropy.

6. Which of the following character sets would result in HIGHER password entropy?

   1. Lowercase letters only.
   2. Uppercase letters only.
   3. Numbers only.
   4. Lowercase letters, uppercase letters, numbers, and symbols.

7. If a password has a length of 8 and uses only lowercase letters (character set size = 26), approximately what is its entropy?

   1. 8 bits
   2. 26 bits
   3. ~37.6 bits
   4. ~42 bits