By Cybersecurity has always struck me as one of the most theoretical of all practical disciplines.
Don’t get me wrong, it’s incredibly important and forms the backbone of today’s digital infrastructure. But when you strip it down to its core, the objectivity sometimes feels… elusive.
Consider the very foundation of it all – the password. We are told that strength lies in complexity: upper case, lower case, symbols, numbers, length. The stronger, the safer. But I often wonder, how objective is that? If today I created a password like “uji_power”, what are the actual odds a hacker would guess that?
Many respected cybersecurity platforms even provide tools to “measure” password strength, as though security could be reduced to a meter or a scale.
Out of curiosity, I tested the same password on two reputable cybersecurity platforms that measure password strength.
– One told me it would take 200 years to hack.
– The other said 3 weeks.
Both cannot be true. And therein lies the puzzle, the fragile border between science and belief in the realm of cybersecurity.
Perhaps security, like many human inventions, is not an absolute but a probability – leaning heavily on models, assumptions, and probabilities, not certainties. A faith that our defenses will hold, even when we know they never truly can.
We build walls not to be invincible, but to delay the inevitable, long enough to live, work, and trust.
