There are two components to the strength of your password: Complexity and Length.
Complexity
The complexity is calculated by determining how many possible characters are used in the password. There are 26 letters, 52 when you add upper and lower case characters. Add 10 more combinations for numbers and 24 more for special characters.
That gives us a total of 96 possible characters if you use all four types of characters. To calculate the complexity, you take the number of character possibilities and raise it to the power of the number of characters used.
That means if you have a 4 character password, using one letter from each of the types of characters, there are 96^4 (or 96*96*96*96) possible combinations. That is 45,212,176 possible combinations.
While that might seem like a lot, it would take less than a day to hack that many combinations.
Time to Hack
Computers are getting faster and faster. According to the basics of Moore’s Law, the speed of a computer doubles approximately every 18 to 24 months.
With that, a brute force attack doesn’t need as long to hack a password. A brute force attack means where a hacker tries every possible combination of passwords until they find your password.
To figure out how long it will take to hack a password, we estimated
17,042,497 attempts per second. This is what the estimated computing power will be in 2020.
This is why it is so important for your passwords to be of good complexity, and length, to protect against a brute force attack.