Dec 7, 2016

Industry insights

The unfortunate fact is that these days, with brute force attacks at an all-time high, the need to use strong passwords has never been higher.

We think of a strong password as being a password that contains numbers, uppercase and lowercase letters and symbols, thinking that the use of multiple character types makes the password harder to crack.

Unfortunately, this is not the case. When you consider that the applications a hacker uses to carry out a brute-force attack against your password assume that every position could hold a number, an upper- or lowercase letter or a symbol, they will check every permutation in every slot anyway. As a result, the password C4rr!ag3 is in fact no stronger than the password carriage when you calculate the statistically likely length of time a brute-force attack will take to crack it. It is, however, far harder for us to remember, despite being not much harder for a hacker.

Therefore, choosing a truly strong password actually comes down to choosing a more obscure password, as shown in the diagram below.

Password protection

The top three images depict an example of what is typically considered a strong password, containing a mix of character types, which, whilst being difficult to remember, only takes 3 days’ worth of guesses for a brute-force attack to break.

The bottom three images provide an example of a password that most would consider less secure, as it contains no symbols or letter case changes, but due to the way computers run through permutations it would take an estimated 550 years to crack; that’s almost sixty-seven thousand times longer for a computer to guess, despite being easier to remember.
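The search-space arithmetic behind the C4rr!ag3 versus carriage comparison above, and behind the 3 days versus 550 years figures in the diagram, as an added example that is not part of the original post. The character-class sizes, the 95-character printable ASCII alphabet, the guess rate and the 17-letter sample password are assumptions for illustration; the haystack tool linked below uses its own counts, so its numbers will differ slightly.

```python
import string

# Character classes an attacker enumerates. Sizes are assumptions for this example.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}
FULL_PRINTABLE = 95  # every printable ASCII character, space included (assumed)


def alphabet_size(password):
    """Smallest alphabet covering every character class present in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password, full_charset=False):
    """Candidates an exhaustive search tries before it is guaranteed to reach
    len(password): every string of length 1 .. len(password) over the alphabet.
    full_charset=True is the post's scenario: the attacker assumes any slot may
    hold any of the 95 printable characters, so the character mix is irrelevant."""
    alpha = FULL_PRINTABLE if full_charset else alphabet_size(password)
    return sum(alpha ** k for k in range(1, len(password) + 1))


def crack_time_years(password, guesses_per_second, full_charset=False):
    """Worst-case time to exhaust the search space at a given guess rate."""
    seconds = search_space(password, full_charset) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def length_vs_mix_ratio(short_mixed, long_simple):
    """How many times larger the long single-class password's space is than the
    short mixed-class one, each measured with its own minimal alphabet."""
    return search_space(long_simple) / search_space(short_mixed)


if __name__ == "__main__":
    rate = 1e11  # assumed offline guess rate, guesses per second
    for pw in ("carriage", "C4rr!ag3", "carriageonthehill"):
        print(f"{pw:18} alphabet={alphabet_size(pw):3} "
              f"minimal={crack_time_years(pw, rate):.2e} yr "
              f"full95={crack_time_years(pw, rate, True):.2e} yr")
    print(f"length beats mix by x{length_vs_mix_ratio('C4rr!ag3', 'carriageonthehill'):.2e}")
```

With the full 95-character alphabet both 8-character passwords sit in an identical search space, while the 17-letter lowercase password outgrows C4rr!ag3 by eight orders of magnitude even when the attacker knows it is lowercase only.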

Historically, people have used online generators such as www.strongpasswordgenerator.com to generate passwords when they needed one, but increasingly generators are turning to methods akin to those used at https://xkpasswd.net/s/ to generate far stronger passwords. To check how little time it would take to crack your passwords, tools such as the Haystack Checker can be found at https://www.grc.com/haystack.htm.