A 1 second reminder why you should use better passwords

Filed under: Security

A 1 second reminder why you should use better passwords

by Brad Linder Mar 27th 2007

Ever wonder how secure your passwords are? Odds are the answer is not very secure at all.

One Man's Blog has an article showing just how easy it is to crack most passwords. And since the vast majority of users use the same password for everything from their email to their bank accounts, all you really need to do is find one password. And with some passwords, that can take less than a second. The chart above shows just how long it would take the average cracker to uncover your password using a brute force password generator.

Of course, all hope is not lost. Here are few basic tips toward a more secure existence:

Don't make your password a person's name or any word in the dictionary.
Don't use your birthday, social security number, or sequential numbers like 1234 (did we really have to tell you this one?)
Do use longer passwords (7 or more characters if you can).
Do use a combination of letters, numbers, and symbols.
Do make your passwords case sensitive and mix up the uppercase and lowercase letters.
Substitute letters for numbers. For example "D0wnl04d Squ4d" would take a lot longer to find than "download squad."
Do use a different password for every site you visit.

That last one's a killer. You'll either want a good program to keep track of your passwords, or at the very least make sure that you use a different password for your bank account than you use for online photo sharing sites.
[via lifehacker]

Tags: crack, password

Reader Comments (Page 1 of 1)

chris said 5:12PM on 3-27-2007

"Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and... God" or Swordfish... *rolls eyes*

Carl Rudy said 9:38PM on 3-27-2007

I remember a blog (if memory serves it was lifehacker) once suggesting that if you have a problem remembering or creating a password for every site you register on, try this: create a "base password" that you use and decide on a dynamic termination for it, ie for web site accounts (ok, ok, flickr, and no it's not my password ; -) i have a base of say my anniversary: "Mar0505" and then I include the first 4 letters of the site that I'm using to terminate the password, so my pass now looks like "Mar0505FLIC". If I'm feeling really tricky I can add a few extended characters in there, like "$Mar0505FLIC$" and make for an absurdly hard password to crack, and one thats different for each site I make an account for, and is cake to remember! And I don't forget my anniversary!

Peter said 10:01PM on 3-27-2007

These are all good tips.
The only machine I ever had pwned was a server I built using a poor quality password because it was "just temporary." It only took a day or 2 for it to get hacked.
Let that be a lesson to the rest of you.

Henry Gale said 7:49AM on 3-28-2007

12345????

That's the kind of thing an idiot would have on his luggage!

Kai said 8:31AM on 3-28-2007

I´m using Firefox, and an add-on very useful: password maker. It´s do something like Carl Rudy said above; but, they´re strong passwords.

Peter said 8:58AM on 3-28-2007

"That's the kind of thing an idiot would have on his luggage!" You laugh but I've had people at work use passwords like that. They just don't understand how easy it is to crack simple passwords.

tevetorbes said 10:28AM on 3-28-2007

Yeah, these are great tips. But a couple of problems:

What if the website or service that you use doesn't allow special characters? All of my passwords (at least the ones that will let me) contain special characters. Some sites do not allow some (like & ^ [] !) but do allow others (like ? ; * #) Some don't allow them at all- then what?

And, what, if worse than that, the passwords are not case sensitive? In checking the rules on some of the sites that I frequent, I noticed that American Express' website only uses 6-8 alphanumeric, non-case-sensitive characters. SIX TO EIGHT? By the above chart, that equates to 5 minutes to 2-and-a-half days until somebody has all of your credit card info.

OTOH, Bank of America allows 8-20 case-sensitive characters and some (not all) special characters. A much more secure option, obviously.

So, with all this bullhonk about online security and phishing and other such FUD that is thrown at Joe Consumer every day, one would expect him to follow rules like those above. But how in the world is he supposed to when his websites won't let him?

Snorri said 1:49PM on 3-28-2007

So my password which is 24 characters Upercase,lowercase,numers and total ballony when it comes to the dictionary and includes Icelandic letters is pretty secure?

Featured Time Waster

Civiballs is a beautiful, soothing physics puzzle Time Waster

I have an absolute weakness for physics games, and while Civiballs isn't the strongest physics-based game, what it lacks in the physics department it makes up for a few times over in style and fun.

In Civiballs, you are presented with a few colored balls, and your goal is to get those balls into the same-colored urn on the level. The "civi" part of Civiballs is that there are 3 sets of levels to play, each representing a different civilization. While the civilization doesn't affect gameplay, the artwork for each level is beautifully themed to it's appropriate era.

To play the game, you are given only one tool - a sword with which to cut the chains that are holding the balls. The puzzle part of the game is in figuring out what order, and with what timing to cut each chain. Do it right, and all the right balls end up in the right urns, with no stray balls entering an urn (a no-no). Do it wrong, and you get to start over again.

Civiballs is not terribly deep on gameplay; the entire game can be completed in about 15 minutes. But if you enjoy this type of game, it will be a very enjoyable 15 minutes.

View more Time Wasters