
Imagine two different password strength standards:

1. Just a 4-digit numeric PIN like `1981`

2. A 20-character upper/lower/numeric/special-character password like `qmd1tkf7mwa.PQB0qrz$`

--

The PIN has lower entropy and is therefore a lot easier to brute force.

I haven't calculated this stuff myself -- I just used Wolfram Alpha -- but it looks like the PIN would take <1 second to brute force, while the 20-character password would take 7.6 * 10^25 years. [1] [2]

--

[1] https://www.wolframalpha.com/input?i=password+strength+qmd1t...

[2] https://www.wolframalpha.com/input?i=password+strength+1981
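
Added example, not part of the comment above: the keyspace and entropy arithmetic behind the PIN-versus-password comparison, applied to the two sample secrets. The character classes, the function names and the guess rates are assumptions of this example, so the times it prints will not necessarily match the Wolfram Alpha figures.

```python
import math
import string

# Character classes used for the pool-size estimate (an assumption of this example).
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pool_size(secret: str) -> int:
    """Alphabet size implied by the character classes that appear in secret."""
    if not secret:
        raise ValueError("empty secret")
    for ch in secret:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character {ch!r} is outside the assumed classes")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in secret))


def keyspace(secret: str) -> int:
    """Number of candidates of the same length over the same alphabet."""
    return pool_size(secret) ** len(secret)


def entropy_bits(secret: str) -> float:
    """log2(keyspace); meaningful only if the secret was chosen uniformly at random."""
    return len(secret) * math.log2(pool_size(secret))


def seconds_to_exhaust(secret: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace(secret) / guesses_per_second


if __name__ == "__main__":
    # Guess rates are assumed values for illustration, not measurements.
    for secret in ("1981", "qmd1tkf7mwa.PQB0qrz$"):
        print(f"{secret}: pool={pool_size(secret)}, "
              f"entropy={entropy_bits(secret):.1f} bits")
        for rate in (1e5, 1e9, 1e12):
            secs = seconds_to_exhaust(secret, rate)
            print(f"  {rate:.0e} guesses/s -> {secs:.3g} s "
                  f"({secs / SECONDS_PER_YEAR:.3g} years)")
```

The result is an upper bound on strength: it assumes every candidate is equally likely, so a human-chosen value is typically found well before the keyspace is exhausted.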


