Passwords: How Strong Is Strong?

This blog has long written about using strong passwords to increase the safety of your computer and Internet use. See Passwords, Passwords, Passwords. We’ve stated that a strong password consists of a combination of at least 8 characters and uses upper and lower case letters and special characters (or symbols). We’ve also stated that a password needs to be strong because the longer it takes a hacker to “guess” it correctly, the better the chances that he’ll give up and move on to a computer with a weaker password that can be broken more quickly. However, the “how long” part has been somewhat of an estimate for most of us, so we have been forced to blindly adhere to the strong password complexity guidelines mentioned above and hope for the best.

However, now there is a website that will calculate the correct amount of time a PC, cranking at 4 billion calculations per second (you’ll have to trust me here), would take to crack a password.

HowSecureIsMyPassword.net measures the amount of time each password entered would survive a PC-based password cracker program.


So, what does this new-found information mean in terms of protecting our passwords and therefore our computers and Internet safety? The answer is that our passwords should be capable of surviving at least a day or so of attack by a password cracker. I say a day because it’s my belief that a hacker will not stay “attached” to a target for much more than a day or so, probably a lot less. Because the longer he hangs around, the more probable his detection. And because hackers are inherently lazy and will seek out the easiest targets. Let’s face it, if you were a hacker and encountered a strong password that took a day or more to crack, you’d probably conclude that the target’s owner had some knowledge of other computer security best practices and that this computer would be more difficult to hack than one with a password that was broken in less than an hour.

We did some testing of passwords to illustrate how time to crack relates to the strength and complexity of the password. Here’s what we found. By the way, please don’t use any of these example passwords as your own… remember, hackers are lazy and will test these first because they’ve been in an article like this.

| Password | No. Characters | Scheme | Time To Crack |
| --- | --- | --- | --- |
| password | 8 | dictionary word | Instantly |
| p455w0rd | 8 | letters and numbers | 11 minutes |
| p455w0rd& | 9 | letters, numbers, and 1 symbol | 6 days |
| p455w0rd&* | 10 | letters, numbers, and 2 symbols | 344 days |
| P455w0rd&* | 10 | letters (1 cap.), numbers, and 2 symbols | 58 years |
| P455w0rd&*+ | 11 | letters (1 cap.), numbers, and 3 symbols | 4000 years |
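
The arithmetic behind figures like these can be sketched as follows. This is an added example, not code from HowSecureIsMyPassword.net: it assumes an exhaustive search at the 4 billion guesses per second quoted above, a pool of 15 symbols (not stated in the article, chosen because it reproduces the table), and a one-word constructed stand-in for a cracking dictionary.

```python
import string

GUESSES_PER_SECOND = 4_000_000_000  # rate quoted in the article
SYMBOL_POOL = 15                    # assumption: reproduces the table's figures
COMMON_WORDS = {"password"}         # constructed stand-in for a real word list


def pool_size(password):
    """Count the characters an exhaustive search must try per position."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += SYMBOL_POOL
    return size


def seconds_to_exhaust(password):
    """Worst-case time to try every string of this length over the pool."""
    if password.lower() in COMMON_WORDS:
        return 0.0  # a dictionary hit never reaches the exhaustive search
    return pool_size(password) ** len(password) / GUESSES_PER_SECOND


def humanize(seconds):
    """Round down to the largest whole unit, as the table does."""
    units = [("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60)]
    for name, span in units:
        if seconds >= span:
            return f"{int(seconds // span)} {name}"
    return "instantly" if seconds < 1 else f"{int(seconds)} seconds"


if __name__ == "__main__":
    for pw in ["password", "p455w0rd", "p455w0rd&", "p455w0rd&*",
               "P455w0rd&*", "P455w0rd&*+"]:
        print(f"{pw:12} {len(pw):2} chars  pool={pool_size(pw):2}  "
              f"{humanize(seconds_to_exhaust(pw))}")
```

The result is an upper bound for exhaustive search only: a password built from a dictionary word with predictable substitutions can fall much sooner, because cracking tools try such variants early.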

Enough said. Now take a look at your passwords and check them on HowSecureIsMyPassword.net to see how quickly they’d be cracked. If it’s 6 days or less I recommend you strengthen them using the example schemes above. You’ll be glad you did.

Be very careful…it’s dangerous out there.

I hope you enjoyed this article; and if you’d like to receive an email when a new article is posted, please sign up for an email subscription on my home page. Don’t worry…I won’t give your email address to anyone…No One; I hate spam too. Please share my blog with your friends and family. I’m also on Twitter @PaulsInternet .

Paul
