CodeX

Everything connected with Tech & Code. Follow to join our 1M+ monthly readers


What Makes a Password Strong: Why What You’ve Been Told Is Wrong

dylan hudson
Published in CodeX
9 min read, Jan 21, 2022

2025 update- see my latest on password security here, or some thoughts on the recent hype around AI.

Before we start, try to forget everything you know about passwords. Rules like “Passwords must include a capital letter and a number” or those little “strength meters” that give you the reassuring green checkmark that your password is impenetrable are dangerously misleading and incomplete. Some of the reasons are mathematical, but a lot of it has to do with human behavior as well. Let’s take a look at the math behind the curtain, and why an understanding of human habits can defeat the most powerful algorithms.

Part 1: How do passwords work?

When you type your password and press enter to log in to an account, your password is encrypted (hopefully!), sent to the server, and ‘hashed’ — a mathematical operation converting it into a long string of seemingly random letters, numbers, and symbols, from which it is impossible to tell what the original input was. This hash is stored on the server, so each time you log in, the hashes are compared, not your plain password. This way, only you know your password; not even system administrators can see it, and if the server is…

