Hard to crack but easy to remember passwords
Problem
When you're using only small letters for your password with so called "reasonable" minimum length (8 chars) many sites force you to use your password can be guessed within 34 seconds on any machine with decent graphics card.
When you replace at least one char with digit then it will take little longer, like: 8 minutes
When you replace at least one char capital letter then it will take reasonably longer, like 10 hours.
Then you can replace another char with special character like " or # or ! you will get onto another level, hacking of your encrypted password will take 12 days on "decent machine". Some people consider this reasonable enough1...
..but you're ending up with hard to remember horror like
Th!spas1
Solution
Instead you could chose 4 common words, like verse from your favorite poem, book or even random words, like:
thispasscoversit
join them together, you'll get 4 EASY TO REMEMBER words and same "decent machine" it will take 230 thousand years!2
So really, stop beating yourself to death with stupid chars in passwords and start using pass phrases!
1 well it's 12days on slow machine, when hacker has small farm with about
20 machines with newest graphics cards it will take only 8 hours ;)
2 and almost 6 thousand years on small farm described above...
You don't have to believe me, but check for yourself:
Password hash brute force hacking estimator
WARNING: password will be displayed using clear text:Slow machine = something with power of 3 bilion checks per second.
Fast machine has power of 20 bilion checks per second.
Small farm is few machines with combined power of 120 bilion checks per second.
All calculations assume that attacker guesses/knows sets of chars used:
only digits, lowercase alphabet, uppercase alphabet, special chars or whole byte.
Take action!
So every time someone forces you to use 8 to 12 characters password with at least one digit, one caps and one "special" char try to educate! File a support ticket. Force them to rethink what they're doing.
Archives
- February 2016
- October 2015
- September 2015
- July 2013
- June 2013
- April 2013
- March 2013
- December 2011
- November 2011
- July 2011
- June 2011
- February 2010
- September 2009
- March 2009
- February 2009