Ever wonder how secure your passwords are? Odds are the answer is not very secure at all.
One Man's Blog has an article showing just how easy it is to crack most passwords. And since the vast majority of users use the same password for everything from their email to their bank accounts, all you really need to do is find one password. And with some passwords, that can take less than a second. The chart above shows just how long it would take the average cracker to uncover your password using a brute force password generator.
Of course, all hope is not lost. Here are a few basic tips toward a more secure existence:
- Don't make your password a person's name or any word in the dictionary.
- Don't use your birthday, social security number, or sequential numbers like 1234 (did we really have to tell you this one?)
- Do use longer passwords (7 or more characters if you can).
- Do use a combination of letters, numbers, and symbols.
- Do make your passwords case sensitive and mix up the uppercase and lowercase letters.
- Substitute numbers for letters. For example, "D0wnl04d Squ4d" would take a lot longer to find than "download squad."
- Do use a different password for every site you visit.
[via lifehacker]
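To put numbers behind the length and character-mix tips, the following Python sketch (an added example, not from the original article) estimates the brute-force search space for a password or a site policy and checks whether dictionary words are still recognisable once common character substitutions are undone. The guess rate, word list and substitution map are constructed for illustration.

```python
import math
import string

# Assumed guess rate for illustration only; the page's chart does not state one.
GUESSES_PER_SECOND = 10_000_000

# Character classes a brute-force search must cover once a password uses them.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

# Constructed mini word list and substitution map for the dictionary check.
WORDS = {"download", "squad", "password", "secret", "love"}
LEET = str.maketrans("04135$@7", "oalessat")


def alphabet_size(password):
    """Size of the smallest class-based alphabet that contains the password."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Anything outside the four ASCII classes (e.g. Icelandic letters) is
    # counted per distinct character, a deliberately conservative choice.
    extra = {c for c in password if not any(c in v for v in CLASSES.values())}
    return size + len(extra)


def keyspace(alphabet, min_len, max_len):
    """Number of candidate strings of every length from min_len to max_len."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def entropy_bits(password):
    """Upper bound in bits, valid only if the characters were chosen at random."""
    return len(password) * math.log2(alphabet_size(password))


def dictionary_words(password):
    """Words from WORDS still recognisable after undoing common substitutions."""
    plain = password.lower().translate(LEET)
    return sorted(w for w in WORDS if w in plain)


def worst_case_days(space):
    """Days needed to try every candidate at the assumed guess rate."""
    return space / GUESSES_PER_SECOND / 86_400
```

For a site policy, `keyspace(36, 6, 8)` gives the search space of a 6-8 character, case-insensitive alphanumeric password; for a single password, compare `entropy_bits()` with the output of `dictionary_words()`, since the entropy figure only holds for randomly chosen characters.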

Reader Comments (Page 1 of 1)
3-27-2007 @ 5:12PM
chris said...
"Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and... God" or Swordfish... *rolls eyes*
Reply
3-27-2007 @ 9:38PM
Carl Rudy said...
I remember a blog (if memory serves it was lifehacker) once suggesting that if you have a problem remembering or creating a password for every site you register on, try this: create a "base password" that you use and decide on a dynamic termination for it, i.e. for web site accounts (ok, ok, flickr, and no it's not my password ;-) I have a base of say my anniversary: "Mar0505" and then I include the first 4 letters of the site that I'm using to terminate the password, so my pass now looks like "Mar0505FLIC". If I'm feeling really tricky I can add a few extended characters in there, like "$Mar0505FLIC$" and make for an absurdly hard password to crack, and one that's different for each site I make an account for, and is cake to remember! And I don't forget my anniversary!
Reply
3-27-2007 @ 10:01PM
Peter said...
These are all good tips.
The only machine I ever had pwned was a server I built using a poor quality password because it was "just temporary." It only took a day or 2 for it to get hacked.
Let that be a lesson to the rest of you.
Reply
3-28-2007 @ 7:49AM
Henry Gale said...
12345????
That's the kind of thing an idiot would have on his luggage!
Reply
3-28-2007 @ 8:31AM
Kai said...
I'm using Firefox and a very useful add-on: Password Maker. It does something like what Carl Rudy said above, but they're strong passwords.
Reply
3-28-2007 @ 8:58AM
Peter said...
"That's the kind of thing an idiot would have on his luggage!" You laugh but I've had people at work use passwords like that. They just don't understand how easy it is to crack simple passwords.
Reply
3-28-2007 @ 10:28AM
tevetorbes said...
Yeah, these are great tips. But a couple of problems:
What if the website or service that you use doesn't allow special characters? All of my passwords (at least the ones that will let me) contain special characters. Some sites do not allow some (like & ^ [] !) but do allow others (like ? ; * #). Some don't allow them at all - then what?
And what if, worse than that, the passwords are not case sensitive? In checking the rules on some of the sites that I frequent, I noticed that American Express' website only uses 6-8 alphanumeric, non-case-sensitive characters. SIX TO EIGHT? By the above chart, that equates to 5 minutes to 2-and-a-half days until somebody has all of your credit card info.
OTOH, Bank of America allows 8-20 case-sensitive characters and some (not all) special characters. A much more secure option, obviously.
So, with all this bullhonk about online security and phishing and other such FUD that is thrown at Joe Consumer every day, one would expect him to follow rules like those above. But how in the world is he supposed to when his websites won't let him?
Reply
3-28-2007 @ 1:49PM
Snorri said...
So my password, which is 24 characters, uppercase, lowercase, numbers and total baloney when it comes to the dictionary and includes Icelandic letters, is pretty secure?
Reply