This blog has written about using strong passwords to increase the safety of your computer and Internet use for a long time. See Passwords, Passwords, Passwords. We’ve stated that a strong password consists of a combination of at least 8 characters and uses upper and lower case letters and special characters (or symbols). We’ve also stated that the reason a password should be strong to be effective is that the longer it takes a hacker to “guess” the password correctly, the better the chances that he’ll give up and move on to a computer with a weaker password that can be broken more quickly. However, the “how long” part has been somewhat of an estimate for most of us. Therefore, we are forced to blindly adhere to the strong password complexity guidelines mentioned above and hope for the best.
However, there is now a website that will calculate the amount of time a PC, cranking at 4 billion calculations per second (you’ll have to trust me here), would take to crack the password.
HowSecureIsMyPassword.net measures the amount of time each password entered would survive a PC-based password cracker program.
So, what does this new-found information mean in terms of protecting our passwords and therefore our computers and Internet safety? The answer is that our passwords should be capable of surviving at least a day or so of being attacked by a password cracker. I say a day because it’s my belief that a hacker will not stay “attached” to a target for much more than a day or so, probably a lot less, because the longer he hangs around, the more probable his detection, and because hackers are inherently lazy and will seek out the easiest targets. Let’s face it, if you were a hacker and encountered a strong password that took a day or more to crack, you’d probably consider that the target’s owner had some knowledge of other computer security best practices and that this computer would be more difficult to hack than one with a password that was broken in less than an hour.
We did some testing of passwords to illustrate how time-to-crack related to strength and complexity of the password. Here’s what we found. By the way, please don’t use any of these example passwords as your own…remember hackers are lazy and will test these first because they’ve been in an article like this.
| Password | No. Characters | Scheme | Time To Crack |
|---|---|---|---|
| password | 8 | dictionary word | Instantly |
| p455w0rd | 8 | letters and numbers | 11 minutes |
| p455w0rd& | 9 | letters, numbers, and 1 symbol | 6 days |
| p455w0rd&* | 10 | letters, numbers, and 2 symbols | 344 days |
| P455w0rd&* | 10 | letters (1 cap.), numbers, and 2 symbols | 58 years |
| P455w0rd&*+ | 11 | letters (1 cap.), numbers, and 3 symbols | 4000 years |
Enough said. Now take a look at your passwords and check them on HowSecureIsMyPassword.net to see how quickly they’d be cracked. If it’s 6 days or less, I recommend you strengthen them using the example schemes above. You’ll be glad you did.
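As an added illustration (not code from HowSecureIsMyPassword.net or from this blog), the sketch below computes exhaustive-search time at the 4 billion guesses per second mentioned above, and also checks whether a password reduces to a common word once look-alike substitutions are undone, a weakness the time figure alone does not capture. The 15-symbol pool, the small wordlist and the substitution map are assumptions made for this example; with that pool size the estimates land close to the figures in the table.

```python
import string

GUESSES_PER_SECOND = 4_000_000_000   # rate quoted in the article
SYMBOL_POOL = 15                     # assumption: symbol-set size, not stated in the article
COMMON_WORDS = {"password", "letmein", "dragon"}   # constructed sample wordlist
# Look-alike substitutions mapped back to the letters they stand in for.
LEET = str.maketrans({"4": "a", "@": "a", "5": "s", "$": "s",
                      "0": "o", "3": "e", "1": "l", "7": "t"})


def pool_size(pw):
    """Size of the alphabet an exhaustive search has to cover for pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += SYMBOL_POOL
    return size


def brute_force_seconds(pw):
    """Worst-case time to try every string of this length over that alphabet."""
    return pool_size(pw) ** len(pw) / GUESSES_PER_SECOND


def dictionary_base(pw):
    """Return the common word left after undoing substitutions, else None."""
    letters = "".join(c for c in pw.lower().translate(LEET) if c.isalpha())
    return letters if letters in COMMON_WORDS else None


def assess(pw):
    """Brute-force estimate plus the dictionary check the estimate ignores."""
    return {"password": pw,
            "brute_force_seconds": brute_force_seconds(pw),
            "dictionary_base": dictionary_base(pw)}


if __name__ == "__main__":
    for sample in ("p455w0rd", "p455w0rd&*", "P455w0rd&*+"):
        print(assess(sample))
```

Every sample from the table comes back with `dictionary_base` set to `password`, so a checker that consults a wordlist would flag all of them regardless of the brute-force estimate.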
Be very careful…it’s dangerous out there.
I’m also on Twitter @PaulsInternet.