or, as I like to call it, Password Hack-a-torial.

Lots of our customers trust us with their passwords. And they should. We’re a very trustworthy company. We store all of that confidential information in an application that uses a state-of-the-art encryption algorithm. The application uses 128-bit keys for encryption, which means it would take millions of years for a criminal to decrypt the data using a “brute force” attack.

But, even as secure as we store their data, we sometimes laugh because the passwords themselves are so weak, that cracking them outright would be easier than cracking our storage application. Most are birthdays, or children names, or just 4 or 5 random numbers or digits. Even those are easily cracked in few seconds to a few hours.

Study the chart below. Pay close attention to the difference between using just lowercase characters and using every possible character (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one number would change the processing time for a 7 character password from 2 days to 2 years. Obviously, the longer the password length, the better.

Password Length All Characters Only Lowercase 3 characters 4 characters 5 characters 6 characters 7 characters 8 characters 9 characters 10 characters 11 characters 12 characters 13 characters 14 characters 0.86 seconds 1.36 minutes 2.15 hours 8.51 days 2.21 years 2.10 centuries 20 millennia 1,899 millennia 180,365 millennia 17,184,705 millennia 1,627,797,068 millennia 154,640,721,434 millennia 0.02 seconds .046 seconds 11.9 seconds 5.15 minutes 2.23 hours 2.42 days 2.07 months 4.48 years 1.16 centuries 3.03 millennia 78.7 millennia 2,046 millennia

See what a difference a long password makes. Even a lowercase, 11 character password would take over 100 years!

Here are some tips to help to you from becoming a statistic: