A long password can still be weak if it has low entropy, meaning it’s easy to guess even though it looks long.
Imagine you have a toy box with only two types of toys: red blocks and blue blocks. Even if you line up 10 blocks in a row, if they’re just red and blue, there are only a few possible combinations. That’s like a long password with low entropy, it has many characters, but not enough different choices to make it hard to guess.
Why does that happen?
Sometimes people use patterns or simple rules to make their passwords. For example, they might take a word and add numbers at the end, like “password1234”. Even though it’s long, most of the characters are predictable, it's like using only red and blue blocks again.
How is that different from a strong password?
A strong password has more randomness, like mixing up different letters, numbers, and symbols in no clear pattern. It’s like having a toy box with dozens of different toys, you can make many more combinations, making the password harder to guess.
Examples
- Using a password like 'password1234' might be long, but it follows a predictable pattern.
- A 10-character password made of the same letter repeated is easy to crack despite its length.
Ask a question
See also
- What are dictionary attacks?
- How do passwords work the same way?
- What are passwords?
- What Makes a ‘Good’ Password and Why Are Some Harder to Break?
- What is A strong password is like a secret code that's hard to guess?