For years, we in the computer industry, have been telling people to create cryptic passwords that include upper and lowercase letters, numbers, and special characters. We’ve been saying that if you replace certain characters with others, such as @ instead of “a”, or 3 instead of “E”, or ! instead of l, that chances of getting your password stolen are remote. Well, it would be remote, but with today’s technology, someone trying to break that password would have it figured out in 3 days with 1000 guesses/second, which is probably faster than you trying to remember what the password actually is.
A far better and safer way to create passwords is to string words together. Four random words, such as dogsbakewoodseat, would take 550 years with 1000 guesses/second to break, and would be much easier to remember if you use words that have meaning to you. The reason isn’t so much in the letters you use but is a combination of length as well as content. Most cryptic passwords are shorter than 8 characters because they’re hard enough to remember as is without them being longer. By using the word combination, you can make your passwords long and still be easy to remember.
I still recommend you using a different password for every site so with all of those passwords to try to remember you may want to use a password manager. I recommend RoboForm which allows you to save your passwords to your computer, or to the internet where they’re available just by clicking, when you need to log-in to a site.
If you want to see how safe some of your passwords are, or passwords similar to what you use, try them here, and see how long it would take someone to hack your password.
Filed under: Instructional, PC Security |
AskBillFirst - Non-Tech Speak Technology Blog 
[…] AskBillFirst Maybe My Password Isn’t As Strong As I Thought It Was […]
Hi, concerning passwords, if a key logger gets installed on your PC. Is it still hard to guess a password like this one: thedogbiteskidsinthepark. How safe is this password if a key logger gets it?. Thanks, Del
If there is a keylogger installed on your computer, anything you type gets recorded so there is no password that can be created safely on that computer.
[…] Analysis of Yahoo Voice Password Leak – 453,441 Passwords Exposed | Sucuri Posted on July 12, 2012 by wjimenez275 Have you noticed an increase in spam from those you know with yahoo, hotmail, aol or gmail accounts? There’s a reason for that. Apparently, there was a massive leak of Yahoo passwords and since many people use the same passwords for several sites, it was easy to hijack those accounts. From the link in this article, you can check if your email has been hijacked and is being used to send spam. Whether it is or isn’t, you should consider changing your password. Also, take a look at the password list. Notice how many people are using simple, easy to guess passwords. Check out my post on creating strong passwords – Maybe My Password Isn’t As Strong As I Thought It Was […]
The 550 year number I take it comes from a standard brute-force method (i.e letter by letter). A much shorter time is required if the attacker knows that the password is formed of x number of words. Much better solution is to use actual sentences (including uppercase letters and punctuation symbols). Sentences are easier to remember as well.