# The Math Behind a Good Password

This post is actually a preface to another one I’m in the middle of right now, on password managers. But I wanted to take a minute and explain why your workplace insists on bizarre passwords, and how you can capitalize on that in your personal life.

### Why are there password requirements?

When you have to change passwords, it can be a real challenge coming up with one that is compliant with your organization’s password requirements that you can still remember.  If the company is enforcing standard password strength requirements, you need to have at least one capital letter, at least one lower-case letter, at least one digit, at least one “special character” (but some special characters are not allowed). For the love of all sanity, WHY?????

Here’s why:

Imagine a password that you could create using only one character, a lower-case letter. That password could be guessed in no more than 26 attempts, and likely fewer than that. Add the possibility that that one character could be upper-case and it would still take more more than 52 attempts to guess it. Add digits 0 through 9 to the possibilities and would still take only 62 guesses at most. Also allowing all 32 special characters gives you 94 possibilities of guessing that one character. That may sound like a lot, but it still only takes a few seconds per attempt.