Holy Kaw! All the topics that interest us

How quickly can your password be cracked?

Web users beware—even if you create a complex password containing numbers, upper and lower case letters mixed with common symbols (like a percentage sign), the time it would take to crack it is virtually instantaneous. See the eye-opening chart below for some shocking crackability stats.


To ensure yours is as strong as possible, try this:

Use a password manager: let it generate a different, random, super strong password for every site, then create a super strong master password. Use an offline password manager that does not store your passwords on its servers, whether encrypted or not.

Full story at Science Text.



Comments (12)

Jul 18, 2010
TheBreen said...
What a relief! My "secure" password is memorable, uses (at least) 10 characters, including upper- and lower-case letters, numbers, and punctuation. Should last at least long enough to get this message posted...
Jul 18, 2010
mickleforetic said...
I suggest using the PasswordMaker addon for Firefox. It is a VERY strong password generator with many options and it makes it easy to create virtually uncrackable passwords. I have been using it as part of my security practices with good results.
Jul 18, 2010
Pop_Goes_Slappy said...
1Password for Mac, or LastPass for Windows, Linux & Mac if you want Free. There's no reason any more to use short, simple to crack passwords other than ignorance.
Jul 18, 2010
John Zimmer said...
One thing that I do is create a sentence with the different elements such as "Iate14Carrots+12Peas" > Easy to remember yet complex from the point of view of the password code. Good luck to everyone!
Jul 18, 2010
Susan Elliot said...
Man, who's the creator of this chart? This seems a little illogical.
Jul 18, 2010
Susan Elliot said...
ok just saw the thing on ghacks,,, (changing password on few secure sites now)
Jul 19, 2010
Sarah said...
Thanks for the info. Wish I had known this earlier. My email account was hacked and I can't get it back now :(
Jul 19, 2010
nicinabox said...
I created a web app to address this very issue. It uses a single master password and combines it with the domain name you want to log into. What you end up with is a super secure password with alternating case, numbers, and symbols that is totally different for each site you log in to. Each visitor also gets a unique id which influences the algorithm used in creating the password so you'll never end up with the same password as someone else.

Check it out:
http://pw.nicinabox.com

Jul 19, 2010
seertaak said...
Not so fast. These times are only valid when trying to brute force a password locally.
You need to take into account that you are connecting to a webserver so the actual connection time for each try will be much, MUCH higher.
This is valid for local password or file encryption. For web services 8 to 10 characters (upper, lower and numbers) is more than enough.
Also the same IP address trying thousands of times to login should raise some suspicion.
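
The offline versus online difference raised in the comment above, worked through as an added example that is not part of the original post or any commenter's code. The guess rates and lockout policy are assumed values, and exhaustive search is only an upper bound, since dictionary and pattern attacks finish far sooner.

```python
import string

# Character classes used to size the alphabet an exhaustive search must cover
# (printable ASCII only; other characters are not counted).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(password):
    """Number of candidates of this length over that alphabet."""
    return alphabet_size(password) ** len(password)

def offline_seconds(password, guesses_per_second):
    """Worst case when the attacker holds the hash and guesses locally."""
    return keyspace(password) / guesses_per_second

def online_seconds(password, attempts_per_window, window_seconds):
    """Worst case when the server allows N login attempts per time window."""
    windows = -(-keyspace(password) // attempts_per_window)  # integer ceiling
    return windows * window_seconds

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    OFFLINE_RATE = 1_000_000_000     # assumed: guesses per second against a fast hash
    ATTEMPTS, WINDOW = 5, 15 * 60    # assumed: 5 login attempts per 15 minutes
    # Constructed samples, plus the sentence-style password quoted in the thread.
    for pw in ("abcdef", "Abc123xy", "Iate14Carrots+12Peas"):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"offline {human(offline_seconds(pw, OFFLINE_RATE))}, "
              f"online {human(online_seconds(pw, ATTEMPTS, WINDOW))}")
```

The online figure only holds while the site enforces its attempt limit and its password hashes never leak; once hashes are stolen, the offline figure applies.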
Jul 19, 2010
WolvenSpectre said...
I suggest KeePass. There is a version for all 3 major platforms, under active development, and you can schedule expiration dates for when you want to change your password.
Aug 16, 2010
edro said...
I lost my password
Aug 16, 2010
edro said...
whaw i can get the password
