How Safe is Your Password?
- Phil Smith
- Apr 12, 2018
- 2 min read
I have given clients many tips about complex passwords and how to have a unique password for everything that you can still remember but there is a website that can help you check how secure your current password is against a brute force hack.
A brute force hack basically uses all possible combinations of the digits on you keyboard to force its way into getting your password. Ever had a bike lock with three wheels you spin? there are 1000 possible combinations fo the numbers until you find the right one. However, if you start at each end and work forwards or backwards then the amount of time taken to crack the code will be vastly reduced. Even with a number slap bang in the middle then it would take less than an hour to crack the three digits by hand.
Computers can perform these calculations far faster though and a three digit number only code would take seconds to crack by brute force. The more digits we add, the stronger the password becomes, as there are more possible combinations. This means that rather than using really complex combinations, that are harder to type and remember, we should be using longer passwords.
Common phrases will be tried first by decent brute force hacking software though so you need to come up with something that does not really flow. "icanremembermypassword" would be a lot easier to crack than "irainsnowshoestomondaywork" is a great example of this.
Also important to remember is that brute force hacks tend to be used by "script kids" who are learning the fine art of hacking. An experienced hacker will be using far more sophisticated techniques.
If you want to check how strong your password really is then look here. Do not get too comfortable with the results though. Anything less than 10,000 years to brute force hack could be cracked by an experienced hacker. Take a look though and see just how far below this target you are. Also remember than every 18 months or so, computer processing power doubles, meaning that as time moves on your 8 character password has become a delay of a few minutes for anyone that really wants your data. These days 16 to 24 characters would be a good starting point.
