that 1.6 billion internet username/password combinations have been stolen by a gang in Russia, it goes without saying that updating your passwords and ensuring that you use strong passwords is as important and as urgent as
We often hear about the need for stronger passwords and tips for creating secure passwords, but we don't often hear why.
Cracking a password is as easy as:
Downloading a password cracking application
Entering the password length and the character sets to try (numbers, lower-case letters, upper-case letters, symbols/special characters)
Basically, the program will use what is called a Brute Force method to go through every possible combination of letters, numbers and special characters within a defined set until it gets a match.
The stronger the password you use, the longer it will take for this method to match the combination that is your password.
For example: your password is simply 12345.
Using the Brute Force method, the software will try 0, all the way to 9. Then it will try 00, 01, 02, etc. Then it moves on to 000, 001, 002, etc., until it finally tries 12345, and BINGO! It has cracked it. A smart program might even start at 1, then try 12, then 123, cracking your 12345 even faster.
Now compare this to a password that is also 5 characters long but has upper-case letters, lower-case letters, numbers and special characters, 1tWo# for example. Now the program has to go through significantly more combinations to find a match. Make the password longer, and the number of possible combinations jumps even higher.
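As an added illustration (not code from the original post), the following Python script counts the brute-force search space the article describes: it detects which of the four character classes a password uses, sums the combinations for every length up to the password's length (the "0, then 00, then 000" order above), and divides by a guess rate. The 94-character alphabet (Python's string.punctuation has 32 symbols) and the rate of 10^8 guesses per second are assumptions made here for illustration, not figures from the post.

```python
import string

# Character classes the article lists. Sizes: 10, 26, 26 and 32 (Python's
# string.punctuation), giving a 94-character alphabet when all four appear.
CHARACTER_CLASSES = {
    "digits": set(string.digits),
    "lower-case": set(string.ascii_lowercase),
    "upper-case": set(string.ascii_uppercase),
    "symbols": set(string.punctuation),
}


def classes_used(password: str) -> list:
    """Names of the character classes that appear in the password."""
    if not password:
        raise ValueError("password must not be empty")
    return [name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password: str) -> int:
    """Size of the alphabet a brute-force run must cover to reach this password.
    Characters outside the four classes (spaces, non-ASCII) each add one."""
    size = sum(len(CHARACTER_CLASSES[name]) for name in classes_used(password))
    known = set().union(*CHARACTER_CLASSES.values())
    extras = {c for c in password if c not in known}
    return size + len(extras)


def search_space(password: str) -> int:
    """Guesses needed to exhaust every length from 1 up to len(password),
    i.e. the order the article describes (0..9, then 00..99, then 000...)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password: str, guesses_per_second: float) -> float:
    """Time to try the entire search space at a given guess rate."""
    return search_space(password) / guesses_per_second


if __name__ == "__main__":
    # Assumed rate for illustration only; real rates depend on the hash and hardware.
    RATE = 1e8
    for pw in ("12345", "1tWo#", "$24ILikeCoffee68$"):
        print(f"{pw:<20} classes={classes_used(pw)} "
              f"space={search_space(pw):.3e} "
              f"worst-case={worst_case_seconds(pw, RATE) / 86400:.3g} days")
```

The count covers exhaustive brute force only; a phrase such as $24ILikeCoffee68$ is far more guessable by the word-prediction attacks the Telepathwords section below describes than its raw search space suggests.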
This is why it is highly recommended that you create and use passwords that are at least 8 characters long, and use a combination of numbers, lower-case letters, upper-case letters AND symbols / special characters.
Change your passwords regularly (at least every 6 months), and don't use a password elsewhere if you are using it for something sensitive like
The reason for changing every 6 months is to keep your password fresh. If someone does manage to obtain your password, by the time they try to use it, you have already changed it.
HCD Tactic: Use a short, memorable phrase or word combination as your password. Make it something that is difficult for others to guess, swapping some characters for capital letters, and adding some numbers and symbols at the start and at the end (or anywhere in between). For example: $24ILikeCoffee68$.
There are many websites that help you to test the strength of your passwords, and can show you how quickly your password would be cracked by hackers. There are even websites that show how predictable your password is - that is, if you use words to make up your password, software can predict what the next character is more likely to be based on character combinations seen in words.
A list of on-line password strength calculators and
How Secure is my Password is a great website to test the strength of a password before using it, and the website will show you how long it would take a normal desktop computer using Brute Force software to crack your password.
Telepathwords is also good to test how predictable your password will be for more advanced password cracking
This password strength tester by rumkin.com also explains the logic behind choosing a strong password a little better, and is worth reading.
And the interactive brute force search space calculator provided by the Gibson Research Corporation explains everything even further.
What are your thoughts? Share on the iASP Central Facebook Page, or Get in Touch.