light bulb

Did You Know?



Reply
Posts: 884
Topics: 178
Kudos: 566
Registered: ‎10-03-2012

How secure is your password?

[ Edited ]

How secure is your password?
by Khidr Suleman 


How to create a safe and easy to remember password? It’s World Password Day, so it’s the perfect time to see how secure your password is. Remember, just because a password is hard for you to remember, doesn’t mean that a computer won’t crack it within minutes or hours. If you take away one thing from this article, it should be this: A long, easy to remember password is better than a short, complex password.

Let's illustrate this with a couple of examples. The first from XKCD shows the complicated password "TrØub4dor&3" might appear secure, but it will take 3 days to crack at an estimated rate of 1,000 guesses per second.
Meanwhile, a password made up of four random but easily memorable words “correct horse battery staple” would take 550 years to crack at a rate of 1,000 guesses per second. The more characters a password has, the longer it takes to crack.

 

Full Article

 

Fortunately Webrooters, we've got Password Manager :smileywink:

Sr. Community Leader

Beta Tester



WEBROOT® SecureAnywhere™ Internet Security Complete Beta v8.0.8.53

Posts: 5,698
Kudos: 4,599
Registered: ‎10-28-2012

Re: How secure is your password?

Now there is an eye opener!  I knew the basics of making them complex, hard to remember, use special characters, etc etc.  Just like the first example.

 

I would not have thought that a simple uncomplicated phrase would be so hard....though really it is just common "horse sense" that simply longer is better: the more characters the more guesses it takes to find it.

 

Really in theory it is a simple extension of the common password basics of example #1: use of numbers, letters, special characters, etc vastly increases the possibilities per position.

 

What 'traditional' password theory and corporate IT practices fail in is putting this extension of the theory to use: how many of you find password requirements such as "MUST be 8 characters", or maybe 10?  


David, (shorTcircuiT)

      

New to the Community? Register now and start posting!



Helpful Webroot Links:


Download (PC)   Download (Best Buy Subscription)   Submit Trouble Ticket   Account Console   User Guides   



"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"

WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
Sr. Community Guide
Posts: 407
Registered: ‎04-11-2014

Re: How secure is your password?


DavidP1970 wrote:

What 'traditional' password theory and corporate IT practices fail in is putting this extension of the theory to use: how many of you find password requirements such as "MUST be 8 characters", or maybe 10?  


Not only that, but there's such an inconsistency:  Sometimes special characters are not allowed; other times you are TOLD you MUST use a number, a CAP and a letter (well, you get the idea)... and once you have the "perfect" password, you get an error message saying it's too long... three cheers for WPM!

— Jeff
Webroot Business Ambassador   Webroot Senior Community Leader
Posts: 5,698
Kudos: 4,599
Registered: ‎10-28-2012

Re: How secure is your password?


jpasternak wrote:

DavidP1970 wrote:

What 'traditional' password theory and corporate IT practices fail in is putting this extension of the theory to use: how many of you find password requirements such as "MUST be 8 characters", or maybe 10?  


Not only that, but there's such an inconsistency:  Sometimes special characters are not allowed; other times you are TOLD you MUST use a number, a CAP and a letter (well, you get the idea)... and once you have the "perfect" password, you get an error message saying it's too long... three cheers for WPM!


Well..... what can I say other than... YUP!  Been there, done that :smileyhappy:


David, (shorTcircuiT)

      

New to the Community? Register now and start posting!



Helpful Webroot Links:


Download (PC)   Download (Best Buy Subscription)   Submit Trouble Ticket   Account Console   User Guides   



"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"

WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
Posts: 1,806
Topics: 914
Kudos: 1,765
Registered: ‎10-14-2013

Re: How secure is your password?

[IMG]

SigSEA.png original (Копировать).png


Posts: 5,051
Topics: 211
Kudos: 4,831
Ideas: 9
Registered: ‎02-03-2012

Re: How secure is your password?

[ Edited ]

Would not disagree with anything posted...it is all common sense if one takes the time to think about it logically and apply basic mathematical principles that most of us came across in school.  But there is still one flaw in all of this regardless of the password make up itself...and that is the human being.

 

Even if you make the password a very long (assuming that you do not exceed the defined limits of the site or app) but simple phrase there will still be users who will forget them especially as the sensible practice is not to use the same password on multiple sites...so they would end up with multiple variations of the long simple phrase...and forget which one applies to which site/app, etc...which is why the notion and use of biometrics or natural credentials has come in (but even those have their issues).

 

Basic fact is that as long as we have secrets or information, etc. that we want to keep private we will always have an issue with (i) generating secure credentials, & (ii) remembering them, etc...i.e., you cannot realistically cut out the human element.

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.53...+ VoodooShield v2.31l Beta....working together as the NEW perfect combination! And backed up by AX Time Machine v2.0

Community Expert Advisor
Posts: 1,736
Registered: ‎02-02-2012

Re: How secure is your password?

I use LastPass. I've entered only the half of the master password in howsecureismypassword.net and it already says, 'It would take a desktop PC about 2 novemdecillion years to crack your password'.:smileyhappy:

__________________


π∞

"Simplicity is the ultimate form of sophistication." - Leonardo da Vinci


 


[Windows 8.1 Pro protected by Webroot SecureAnywhere]



Twitter.png

Sr. Community Guide
Posts: 407
Registered: ‎04-11-2014

Re: How secure is your password?

Thanks ams863!  G'morning y'all!

 

I'm not sure which I liked better...

 

The tagline on howsecureismypassword.net that reads: This site could be stealing your password... it's not, but it easily could be. Be careful where you type your password. or the result:

 

It would take a desktop PC about 157 billion years to crack your password.

 

Woot! 

— Jeff
Webroot Business Ambassador   Webroot Senior Community Leader
Posts: 5,698
Kudos: 4,599
Registered: ‎10-28-2012

Re: How secure is your password?


ams963 wrote:
I use LastPass. I've entered only the half of the master password in howsecureismypassword.net and it already says, 'It would take a desktop PC about 2 novemdecillion years to crack your password'.:smileyhappy:

Amit, are you using LastPass or the WSA Password Manager.  The WSA is essentially the same as LastPass and personally I reccomemd removing the LastPass and using WSA's to avoid any conflicts or confusion.

 

:smileyhappy:


David, (shorTcircuiT)

      

New to the Community? Register now and start posting!



Helpful Webroot Links:


Download (PC)   Download (Best Buy Subscription)   Submit Trouble Ticket   Account Console   User Guides   



"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"

WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
Posts: 5,051
Topics: 211
Kudos: 4,831
Ideas: 9
Registered: ‎02-03-2012

Re: How secure is your password?

Hi David

 

I think that Amit uses the AV version rather than ISP or C...as I made the same observation to him a while back and I gathered that it was not an issue for him.

 

Regards

 

 

Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v8.0.8.53...+ VoodooShield v2.31l Beta....working together as the NEW perfect combination! And backed up by AX Time Machine v2.0