The strength of a password is an important measure of security for any system that uses password or PIN authentication. In this article, I will discuss the theoretical strength of a password and how it relates to its entropy. Then, I will discuss the practical aspect compared to the theoretical approach — and highlight the big gap between theory and practice. This is an important prerequisite for understanding how password authentication is attacked in practice, and what strategies we can use to defend ourselves against those attacks.

A little bit of combinatorics

To understand the strength of a password we need to go back…

Nowadays, passwords are used everywhere as a way of authenticating that you are really you. While other types of authentication, like fingerprint readers, exist, the majority of systems still rely on good old password protection. But how much do people really know about how passwords work? I’m going to start tackling the subject by taking a look at how systems check that you typed the right password — without ever storing it.

The theory behind creating secure passwords is actually pretty simple. Commonly accepted wisdom goes like this: passwords are like underwear, so keep them private, don’t share them, and…

Istvan Lam

CEO and co-founder of Tresorit. I have a cryptography engineering background, and now deal mostly with business and entrepreneurship.