Filed under: Security
A 1 second reminder why you should use better passwords
Ever wonder how secure your passwords are? Odds are the answer is not very secure at all.
One Man's Blog has an article showing just how easy it is to crack most passwords. And since the vast majority of users use the same password for everything from their email to their bank accounts, all you really need to do is find one password. And with some passwords, that can take less than a second. The chart above shows just how long it would take the average cracker to uncover your password using a brute force password generator.
Of course, all hope is not lost. Here are few basic tips toward a more secure existence:
- Don't make your password a person's name or any word in the dictionary.
- Don't use your birthday, social security number, or sequential numbers like 1234 (did we really have to tell you this one?)
- Do use longer passwords (7 or more characters if you can).
- Do use a combination of letters, numbers, and symbols.
- Do make your passwords case sensitive and mix up the uppercase and lowercase letters.
- Substitute letters for numbers. For example "D0wnl04d Squ4d" would take a lot longer to find than "download squad."
- Do use a different password for every site you visit.
[via lifehacker]
Get a WordPress.com Blog
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
chris said 5:12PM on 3-27-2007
"Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and... God" or Swordfish... *rolls eyes*
Reply
Carl Rudy said 9:38PM on 3-27-2007
I remember a blog (if memory serves it was lifehacker) once suggesting that if you have a problem remembering or creating a password for every site you register on, try this: create a "base password" that you use and decide on a dynamic termination for it, ie for web site accounts (ok, ok, flickr, and no it's not my password ; -) i have a base of say my anniversary: "Mar0505" and then I include the first 4 letters of the site that I'm using to terminate the password, so my pass now looks like "Mar0505FLIC". If I'm feeling really tricky I can add a few extended characters in there, like "$Mar0505FLIC$" and make for an absurdly hard password to crack, and one thats different for each site I make an account for, and is cake to remember! And I don't forget my anniversary!
Reply
Peter said 10:01PM on 3-27-2007
These are all good tips.
The only machine I ever had pwned was a server I built using a poor quality password because it was "just temporary." It only took a day or 2 for it to get hacked.
Let that be a lesson to the rest of you.
Reply
Henry Gale said 7:49AM on 3-28-2007
12345????
That's the kind of thing an idiot would have on his luggage!
Reply
Kai said 8:31AM on 3-28-2007
I´m using Firefox, and an add-on very useful: password maker. It´s do something like Carl Rudy said above; but, they´re strong passwords.
Reply
Peter said 8:58AM on 3-28-2007
"That's the kind of thing an idiot would have on his luggage!" You laugh but I've had people at work use passwords like that. They just don't understand how easy it is to crack simple passwords.
Reply
tevetorbes said 10:28AM on 3-28-2007
Yeah, these are great tips. But a couple of problems:
What if the website or service that you use doesn't allow special characters? All of my passwords (at least the ones that will let me) contain special characters. Some sites do not allow some (like & ^ [] !) but do allow others (like ? ; * #) Some don't allow them at all- then what?
And, what, if worse than that, the passwords are not case sensitive? In checking the rules on some of the sites that I frequent, I noticed that American Express' website only uses 6-8 alphanumeric, non-case-sensitive characters. SIX TO EIGHT? By the above chart, that equates to 5 minutes to 2-and-a-half days until somebody has all of your credit card info.
OTOH, Bank of America allows 8-20 case-sensitive characters and some (not all) special characters. A much more secure option, obviously.
So, with all this bullhonk about online security and phishing and other such FUD that is thrown at Joe Consumer every day, one would expect him to follow rules like those above. But how in the world is he supposed to when his websites won't let him?
Reply
Snorri said 1:49PM on 3-28-2007
So my password which is 24 characters Upercase,lowercase,numers and total ballony when it comes to the dictionary and includes Icelandic letters is pretty secure?
Reply