How long will it take to crack your password?

Well, if it’s 7 characters long or less then it will take around 10 seconds or less to crack!

I want to show you how short passwords can be cracked in a very short time frame. According to a Sophos blog, a $20,000 computer, which criminals could easily afford and would buy, can try and crack a mind boggling 100 billion passwords a second!

Yes, 100,000,000,000 passwords a second. A 1 with 11 zeros after it…This is a mind boggling large number.

You might be thinking that it must be impossible to create a password that can’t be cracked. Carry on reading and at the end I’ll show you a method of how to create a strong password that can’t be cracked and is also easy to remember.

The science behind cracking a password

A password can comprise the following:

  • 26 lower case letters
  • 26 upper case letters
  • 10 numbers (0,1,2,3…8,9)
  • 32 special characters (!({;:#&*?><._+) etc.

This gives a total of 94 possible characters.

If your password comprises just 1 character it will take me up to 94 attempts to guess your password. I’d start with a, then b, then c al the way through to z, then A-Z, then the numbers and then all the special characters. Eventually I would work out your password.

If your password comprises 2 characters I would start at aa, ab, ac,…,ay, az, a1,…, a9,…, a%,…,ba, bb,…, b8 etc. There are now a total of 8836 different combinations. If I do it manually it’s going to take me quite a long time but I can easily write a computer program to go through all the different combinations very quickly.

The table below shows how long it will take a super computer, that can go through 100 billion permutations per second, to crack different length passwords.

 

As you can see if your password is less than 8 characters it’s going to be cracked in less than an hour.

However, notice how much longer it takes by just increasing the length of your password by 1 character. An 8 character password will take around 17 hours but a 9 character password will take 66 days.

This is why we recommend your passwords should be at least 10 characters long.

Dictionary attacks

Criminals are sophisticated animals and will use many methods to try and crack passwords. One trick is to use dictionary attacks. There are around 250,000 words in the English dictionary. So a criminal will just input every word in the dictionary until it works as your password.  For a super computer to cycle through 250,000 words isn’t going to take very long at all.

You maybe thinking that the extra numbers you add on the end, eg. Goldfish84 ,will make it harder. It is a bit harder but it’s the equivalent of going from a 2 character password to 3 characters. The time taken to crack is minimal!

And changing letters for numbers or characters doesn’t help much either. For example, changing ‘a’ to @, ‘i’ to 1, ‘s’ to 5. This gives passwords such as Goldf15h or P@55word. Criminals are well aware of these tricks people use so they modify their password cracking programs to go through all the common iterations.

How to create strong but memorable passwords

I fully realise that a lot of people struggle to create and remember long passwords. But there are simple methods which make it easy to create strong and easy to remember passwords. Try this 3 step method:

Step 1

Think of a sentence or phrase.

I like walking my dog in the park

Take the 1st letter of each word: I like walking mdog ithe park

ilwmditp

Step 2

Add some random numbers and characters

%ilwmditp65

Step 3

To make the password unique for every website you visit add a unique identifier. For example, an Am for Amazon, FB for Facebook etc.

%ilwmditp65FB

We now have a system that is easy to remember and contains the requirements for a strong password:

  • More than 10 characters long
  • Upper and lowercase letters
  • Special characters
  • Numbers

Making it your own

Now you have a system it’s time to make it your own. You could vary the position of the random characters and numbers – all at the beginning or all at the end for example. You could choose a different identifier for each website. Just choose something that you can easily remember.

Conclusion

Even if you use LastPass to manage your passwords you still need to create one strong password and the 3 step method outlined above will definitely help you.

By having a strong and unique password for every website you visit you will be taking a huge step forward in protecting your online life from hackers and criminals.

 

 


Is your Windows 10 PC running slow - read our new book

If your Windows 10 computer isn't running as well as it used to then you should check out our new book. In 7 clearly explained steps you will run scans and checks to make sure your computer is performing at it's best. Available to buy on Amazon now for £4.98 (Kindle) or paperback (£9/98).