How secure is your password?


Userlevel 7
by Khidr Suleman 

How to create a safe and easy to remember password? It’s World Password Day, so it’s the perfect time to see how secure your password is. Remember, just because a password is hard for you to remember, doesn’t mean that a computer won’t crack it within minutes or hours. If you take away one thing from this article, it should be this: A long, easy to remember password is better than a short, complex password.
Let's illustrate this with a couple of examples. The first, from XKCD, shows that the complicated password "TrØub4dor&3" might appear secure, but it will take only 3 days to crack at an estimated rate of 1,000 guesses per second.
Meanwhile, a password made up of four random but easily memorable words “correct horse battery staple” would take 550 years to crack at a rate of 1,000 guesses per second. The more characters a password has, the longer it takes to crack.
 
Full Article
 
Fortunately Webrooters, we've got Password Manager ;)
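The two XKCD figures above can be reproduced with a few lines of arithmetic. The block below is an added example (not part of the original post or the article it quotes): it uses XKCD's own entropy budget for the mangled word (the comic writes it "Tr0ub4dor&3", with a zero) and a 2048-word list for the passphrase, converts bits to search time at 1,000 guesses per second, and, for contrast, shows what a "random characters" strength meter would report for the same two passwords. The component values and the 95-character alphabet are assumptions taken from the comic and from the printable ASCII set.

```python
import math

GUESSES_PER_SECOND = 1_000           # rate used in the XKCD comparison
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def crack_time_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust a search space of 2**bits at `rate` guesses/s."""
    return 2.0 ** bits / rate


def mangled_word_bits() -> int:
    # XKCD's budget for an uncommon dictionary word with the usual "leet" tweaks:
    # base word 16 + capitalisation 1 + substitutions 3 + symbol 4 + digit 3 + order 1
    return 16 + 1 + 3 + 4 + 3 + 1     # 28 bits


def passphrase_bits(n_words: int, wordlist_size: int = 2048) -> float:
    # Each word drawn uniformly from a list of `wordlist_size` words adds log2(size) bits
    return n_words * math.log2(wordlist_size)


def naive_charset_bits(password: str) -> float:
    # What a "random character" meter assumes: every position drawn uniformly from
    # the union of the character classes that happen to be present. It overstates
    # the strength of anything built from dictionary words, because an attacker
    # guesses words and common mangling rules, not individual characters.
    classes = [
        (any(c.islower() for c in password), 26),
        (any(c.isupper() for c in password), 26),
        (any(c.isdigit() for c in password), 10),
        (any(not c.isalnum() for c in password), 33),   # printable ASCII symbols + space
    ]
    alphabet = sum(size for present, size in classes if present)
    return len(password) * math.log2(alphabet)


if __name__ == "__main__":
    mangled, phrase = "Tr0ub4dor&3", "correct horse battery staple"
    days = crack_time_seconds(mangled_word_bits()) / SECONDS_PER_DAY
    years = crack_time_seconds(passphrase_bits(4)) / SECONDS_PER_YEAR
    print(f"{mangled!r}: {mangled_word_bits()} bits realistic -> {days:.1f} days; "
          f"naive meter says {naive_charset_bits(mangled):.0f} bits")
    print(f"{phrase!r}: {passphrase_bits(4):.0f} bits realistic -> {years:.0f} years; "
          f"naive meter says {naive_charset_bits(phrase):.0f} bits")
```

The gap between the "realistic" and "naive" columns is why online strength meters such as the one mentioned later in this thread report enormous crack times for short mangled words: they model random characters, not the word-plus-rules guessing that password crackers actually do.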

15 replies

Userlevel 7
Now there is an eye opener!  I knew the basics of making them complex, hard to remember, use special characters, etc etc.  Just like the first example.
 
I would not have thought that a simple uncomplicated phrase would be so hard....though really it is just common "horse sense" that simply longer is better: the more characters the more guesses it takes to find it.
 
Really in theory it is a simple extension of the common password basics of example #1: use of numbers, letters, special characters, etc vastly increases the possibilities per position.
 
What 'traditional' password theory and corporate IT practices fail in is putting this extension of the theory to use: how many of you find password requirements such as "MUST be 8 characters", or maybe 10?  
Userlevel 7
@DavidP1970 wrote:
What 'traditional' password theory and corporate IT practices fail in is putting this extension of the theory to use: how many of you find password requirements such as "MUST be 8 characters", or maybe 10?  
Not only that, but there's such an inconsistency:  Sometimes special characters are not allowed; other times you are TOLD you MUST use a number, a CAP and a letter (well, you get the idea)... and once you have the "perfect" password, you get an error message saying it's too long... three cheers for WPM!
Userlevel 7
@ wrote:
@DavidP1970 wrote:
What 'traditional' password theory and corporate IT practices fail in is putting this extension of the theory to use: how many of you find password requirements such as "MUST be 8 characters", or maybe 10?  
Not only that, but there's such an inconsistency:  Sometimes special characters are not allowed; other times you are TOLD you MUST use a number, a CAP and a letter (well, you get the idea)... and once you have the "perfect" password, you get an error message saying it's too long... three cheers for WPM!
Well..... what can I say other than... YUP!  Been there, done that 🙂
Userlevel 7
Badge +52
http://pc-club.net/proxy.php?image=http%3A%2F%2Flifehacker.ru%2Fwp-content%2Fuploads%2F2014%2F05%2F06055144-e.gif-save-3.gif&hash=fb9575a07da33c80734b9ec00b12c04b
Userlevel 7
Would not disagree with anything posted...it is all common sense if one takes the time to think about it logically and apply basic mathematical principles that most of us came across in school.  But there is still one flaw in all of this regardless of the password make up itself...and that is the human being.
 
Even if you make the password a very long (assuming that you do not exceed the defined limits of the site or app) but simple phrase there will still be users who will forget them especially as the sensible practice is not to use the same password on multiple sites...so they would end up with multiple variations of the long simple phrase...and forget which one applies to which site/app, etc...which is why the notion and use of biometrics or natural credentials has come in (but even those have their issues).
 
Basic fact is that as long as we have secrets or information, etc. that we want to keep private we will always have an issue with (i) generating secure credentials, & (ii) remembering them, etc...i.e., you cannot realistically cut out the human element.
Userlevel 7
I use LastPass. I've entered only the half of the master password in howsecureismypassword.net and it already says, 'It would take a desktop PC about 2 novemdecillion years to crack your password'.:)
Userlevel 7
Thanks ams863!  G'morning y'all!
 
I'm not sure which I liked better...
 
The tagline on howsecureismypassword.net that reads: This site could be stealing your password... it's not, but it easily could be. Be careful where you type your password. or the result:
 
It would take a desktop PC about 157 billion years to crack your password.
 
Woot! 
Userlevel 7
@ wrote:
I use LastPass. I've entered only the half of the master password in howsecureismypassword.net and it already says, 'It would take a desktop PC about 2 novemdecillion years to crack your password'.:)
Amit, are you using LastPass or the WSA Password Manager?  The WSA one is essentially the same as LastPass, and personally I recommend removing LastPass and using WSA's to avoid any conflicts or confusion.
 
🙂
Userlevel 7
Hi David
 
I think that Amit uses the AV version rather than ISP or C...as I made the same observation to him a while back and I gathered that it was not an issue for him.
 
Regards
 
 
Baldrick
Userlevel 7
Ah, I see.  I was under the impression he was using IS or Complete.  My error :-) 
 
At least using LastPass currently if he should upgrade to IS or Complete he will have a very easy transition to WSA PM: simply backup his current set and then import from backup into the WSA PM.  Same format so fully compatible :-) 
Userlevel 7
Indeedy doody...;)
 
I may be incorrect though re. what he is using...but I am sure that he will let us know once he is back online. :D
Userlevel 7
Badge +56
@ wrote:
http://pc-club.net/proxy.php?image=http%3A%2F%2Flifehacker.ru%2Fwp-content%2Fuploads%2F2014%2F05%2F06055144-e.gif-save-3.gif&hash=fb9575a07da33c80734b9ec00b12c04b
That graphic is really cool!
Userlevel 7
Yep, nice illustrated Petr!
Userlevel 7
@ wrote:
Thanks ams863!  G'morning y'all!
 
I'm not sure which I liked better...
 
The tagline on howsecureismypassword.net that reads: This site could be stealing your password... it's not, but it easily could be. Be careful where you type your password. or the result:
 
It would take a desktop PC about 157 billion years to crack your password.
 
Woot! 
LOL.:D
 
@DavidP1970 wrote:
Amit, are you using LastPass or the WSA Password Manager?  The WSA one is essentially the same as LastPass, and personally I recommend removing LastPass and using WSA's to avoid any conflicts or confusion.
:)
 
@ wrote:
Hi David
 
I think that Amit uses the AV version rather than ISP or C...as I made the same observation to him a while back and I gathered that it was not an issue for him.
 
Regards
 
 
Baldrick
Solly is right. Thanks for your recommendation David, but I'm comfortable with LastPass and WSA-AV. Both run fine. I have been using LastPass since I had PrevX. So even though LastPass is used by WSA-C, I'm still more comfortable with LastPass alone. I find no use in upgrading as I already have all the features separately. 🙂 I'm happy with my WSA-AV.;)
Userlevel 7
I think this article fits right in perfectly!
 
JetBlue's weird password rule: No Q or Z
By Jose Pagliery @Jose_Pagliery  May 15, 2014: 8:26 AM ET

JetBlue has a funky rule for its frequent flyer members. Make whatever password you want. Just don't use a letter 'Q' or 'Z.'

The dangerously lame "Password1" is okay, but "QueazyQuetzal" is not. How quizzical.
 
Full Article
 
 
- Jeff