Valley View Online

since 1996


Posted by admin on September 24, 2011

or, as I like to call it, Password Hack-a-torial.

Lots of our customers trust us with their passwords. And they should. We’re a very trustworthy company. We store all of that confidential information in an application that uses a state-of-the-art encryption algorithm. The application uses 128-bit keys for encryption, which means it would take millions of years for a criminal to decrypt the data using a “brute force” attack.

But as securely as we store their data, we sometimes laugh, because the passwords themselves are so weak that cracking them outright would be easier than cracking our storage application. Most are birthdays, or children’s names, or just 4 or 5 random numbers or digits. Even those are easily cracked in a few seconds to a few hours.

Study the chart below. Pay close attention to the difference between using just lowercase characters and using every possible character (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one number would change the processing time for a 7-character password from 2 days to 2 years. Obviously, the longer the password, the better.

| Password Length | All Characters | Only Lowercase |
|---|---|---|
| 3 characters | 0.86 seconds | 0.02 seconds |
| 4 characters | 1.36 minutes | .046 seconds |
| 5 characters | 2.15 hours | 11.9 seconds |
| 6 characters | 8.51 days | 5.15 minutes |
| 7 characters | 2.21 years | 2.23 hours |
| 8 characters | 2.10 centuries | 2.42 days |
| 9 characters | 20 millennia | 2.07 months |
| 10 characters | 1,899 millennia | 4.48 years |
| 11 characters | 180,365 millennia | 1.16 centuries |
| 12 characters | 17,184,705 millennia | 3.03 millennia |
| 13 characters | 1,627,797,068 millennia | 78.7 millennia |
| 14 characters | 154,640,721,434 millennia | 2,046 millennia |

See what a difference a long password makes. Even a lowercase, 11-character password would take over 100 years!
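How figures like those in the chart come about, as an added example that is not part of the original post: the time to exhaust a keyspace is the alphabet size raised to the password length, divided by the guess rate. The rate of 1,000,000 guesses per second and the 95-symbol "all characters" alphabet are assumptions, chosen because they reproduce the chart's numbers; the function names are illustrative.

```python
import string

# Assumption: 1,000,000 guesses per second. This rate and a 95-symbol
# "all characters" alphabet reproduce the chart's figures; real cracking
# speed depends on the hash function and the attacker's hardware.
GUESSES_PER_SECOND = 1_000_000

# Printable ASCII split into classes: 26 + 26 + 10 + 33 = 95 symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

YEAR = 365 * 86400
UNITS = (("millennia", 1000 * YEAR), ("centuries", 100 * YEAR),
         ("years", YEAR), ("months", YEAR / 12), ("days", 86400),
         ("hours", 3600), ("minutes", 60))


def alphabet_size(password):
    """Symbols an attacker must try, given the classes the password uses.
    Characters outside printable ASCII are not counted."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def exhaust_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case seconds to try every string of `length` over `alphabet` symbols."""
    return alphabet ** length / rate


def human(seconds):
    """Render a duration in the largest unit that fits, as the chart does."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2f} seconds"


def estimate(password, rate=GUESSES_PER_SECOND):
    """Brute-force upper bound for one password; says nothing about guessability."""
    return human(exhaust_seconds(len(password), alphabet_size(password), rate))


if __name__ == "__main__":
    print("length  all characters        only lowercase")
    for n in range(3, 15):
        print(f"{n:>6}  {human(exhaust_seconds(n, 95)):<20}  {human(exhaust_seconds(n, 26))}")
    for pw in ("jennifer", "Jennifer1", "P@ssw0rd"):  # constructed samples
        print(pw, "->", estimate(pw))
```

The result is an upper bound that holds only for randomly chosen passwords: a name or dictionary word is found long before the keyspace is exhausted, whatever its length.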

Here are some tips to help keep you from becoming a statistic:

  1. Use strong passwords: 8 characters or more, with uppercase, lowercase, numbers and/or special characters. I prefer numbers over special characters.
  2. Use a password storing application. We use 1Password. You remember one main password, and for each password you need, it will generate a strong password of any length and store it. You just remember the one password.
  3. Substitute numbers for letters that look similar. The letter ‘o’ becomes the number 0, or even better an ‘@’ or ‘*’.
  4. Don’t use names! Every name, plus every word in the dictionary, will FAIL under a simple brute force attack.
  5. Not sure if your password is strong enough? Check the list above, or test the strength of your password at Microsoft’s Security Center.
  6. You really need to have different username / password combinations for everything. If one gets cracked, the others won’t fall like dominoes. 1Password makes this a very easy proposition.
