Now that you’ve had time to play around with the password strength tester, write down your answers to the following questions. For 2 through 5, include how long it would take to guess the password.

1. Why do you think websites commonly require you to have at least 8 characters, and a mix of uppercase characters, lowercase characters, numbers, and symbols?

Websites require these password criteria to enhance security. A longer password typically increases the number of possible combinations, making it harder for attackers to guess or crack it using brute force methods. Additionally, the inclusion of a mix of character types (uppercase, lowercase, numbers, and symbols) significantly increases the complexity of the password, further enhancing its resistance against guessing attacks and common vulnerabilities.

2. Try making 8 character passwords using only lowercase alphabet characters (a-z). What is the strongest password you can make?

An example of a strong 8-character password using only lowercase letters could be: 'wxyzqrst'.

• Time to guess: There are 26^8 (approximately 208 billion) combinations, which could take years to guess with a brute force attack, depending on the attacker's resources.

3. Now try mixing upper and lowercase characters, still only 8 characters total. Now, what is the strongest password you can make?

An example of a strong 8-character password mixing upper and lowercase letters could be: 'AqWrTyZx'.

• Time to guess: With both uppercase and lowercase letters, there are 52^8 (approximately 53 trillion) combinations, significantly increasing the time required for a brute force attack.

4. Now try adding numbers and symbols, still only 8 characters total. Now, what is the strongest password you can make?

An example of a strong 8-character password that includes uppercase letters, lowercase letters, numbers, and symbols could be: 'A7$bN8pZ'.

• Time to guess: Now we have 94 possible characters (26 lowercase, 26 uppercase, 10 digits, and 32 symbols), leading to about 94^8 (approximately 6.1 quadrillion) combinations, which makes it extremely difficult for attackers.

5. Now, using only lowercase characters, make a password that is 20 characters or longer. Is this password better or worse than an 8 character password with letters, numbers, and symbols?

An example of a 20-character password using only lowercase letters could be: 'abcdefghijklmnoqrstuvwxyz'.

• Time to guess: There are 26^20 combinations (approximately 1.2 quintillion). While this is a very large number, it is weaker than an 8-character password that includes a mix of characters because it lacks variety. The complexity of a shorter password with a mix of characters significantly surpasses the longer but simpler password.

6. As you play around with different types of passwords, what seems to be the single factor that guarantees a strong password?

The single most important factor in ensuring a strong password is complexity. This includes using a sufficient length of characters combined with variety in character types (uppercase, lowercase, numbers, and symbols). The more diverse and lengthy the password, the harder it is for attackers to guess or crack it.