How Secure is My Password lets you know just that
We've all heard it before; you need to select a lengthy password, one that's hard to guess. Not a dictionary word. And it has to have some capital letters in it too, and some digits, and a symbol or two won't hurt either.
That's a handy set of rules to keep in mind, but How Secure is My Password helps us understand why they're important.
It's basically a full-screen version of the password-strength meters some websites use. But instead of showing you a bar going from "weak" to "strong", it shows you an estimate of how long your password would take to crack. That's a much more visceral way to understand why your password is strong.
For example, when I entered "rabbit", it came back with "your password is one of the 500 most common passwords. It could be cracked almost instantly". "rabbit5" would take two hours, "$rabbit5" would take 38 days, and "$rabbitZ5" would take 237 years. It's quite enlightening to see what a difference three simple characters can make.
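The arithmetic behind an estimate of this kind, as an added example (not the site's code and not part of the original article). It assumes pure brute force over the character classes present, 10 million guesses per second and a 13-character symbol class, values chosen here because they line up with the figures quoted above, plus a two-entry stand-in for the common-password list.

```javascript
// Added example: brute-force time estimate in the style the article describes.
// Assumptions (not taken from the site): 10 million guesses per second,
// 13 characters in the symbol class, and a constructed common-password list.
const GUESSES_PER_SECOND = 1e7;
const SECONDS_PER_YEAR = 31557600; // 365.25 days
const COMMON = new Set(["password", "rabbit"]); // constructed sample list

const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 13 }, // assumed symbol count
];

// Sum the sizes of every character class that appears in the password.
function alphabetSize(pw) {
  return CLASSES.reduce((n, c) => n + (c.re.test(pw) ? c.size : 0), 0);
}

// Seconds to try every string of this length over the detected alphabet.
function secondsToExhaust(pw, rate = GUESSES_PER_SECOND) {
  if (COMMON.has(pw.toLowerCase())) return 0; // a dictionary pass finds it first
  return Math.pow(alphabetSize(pw), pw.length) / rate;
}

function humanize(seconds) {
  const units = [["years", SECONDS_PER_YEAR], ["days", 86400], ["hours", 3600], ["minutes", 60]];
  if (seconds < 1) return "almost instantly";
  for (const [name, span] of units) {
    if (seconds >= span) return `${Math.floor(seconds / span)} ${name}`;
  }
  return `${Math.floor(seconds)} seconds`;
}

function estimate(pw, rate) {
  return humanize(secondsToExhaust(pw, rate));
}

for (const pw of ["rabbit", "rabbit5", "$rabbit5", "$rabbitZ5"]) {
  console.log(pw.padEnd(10), estimate(pw));
}
// Same password, assumed faster guess rate: the figure scales inversely.
console.log("$rabbitZ5 at 1e10/s:", estimate("$rabbitZ5", 1e10));
// Length alone satisfies the model, however predictable the string is.
const alphabetYears = secondsToExhaust("abcdefghijklmnopqrstuvwxyz") / SECONDS_PER_YEAR;
console.log("a-z in order:", alphabetYears.toExponential(2), "years");
```

The result depends only on length, character classes and the assumed guess rate, so it is an upper bound for blind brute force and says nothing about predictable patterns or reuse.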
Comments
19
richard.gailey Mar 5th 2011 2:15PM
I got "About 40 octillion years" for my PC password (Truecrypt). But I'm guessing there will be a computer or algorithm that will be able to crack it in less than 10 yrs the way things are going.
totoro Mar 5th 2011 2:21PM
Man, a site like that would be a great way to harvest passwords to add to a brute force dictionary.
lake54 Mar 5th 2011 5:06PM
@totoro that's exactly my thought... I'm sure it's a legit site, but if for any reason they were to become compromised, all someone would need to do is add a little script in, and hey presto, all those 'secure' passwords you're entering? Boom. Into a neat little text file (or something else, but you get the picture).
SilverWave Mar 6th 2011 7:09AM
@totoro
It's an intelligence test :-)
Anyone daft enough to put their actual pw in here has obviously FAILED.
LOL
Josh Mar 5th 2011 2:24PM
My standard 22 digit password would take a sextillion years to crack. I think I'm good for a while.
SilverWave Mar 6th 2011 7:10AM
@Josh
The question is... do you reuse it?
LOL
arnauld Mar 6th 2011 2:43AM
About a trigintillion years
Chris Mar 5th 2011 2:50PM
I don't believe it. I used a password that was cracked in less than 15 minutes with a freely available password cracker that runs on a GPU... this site said, "A Billion years"
Dakota O'Neill Mar 5th 2011 5:08PM
17 quinquavigintillion years. But people have to remember, this is just a tool to help you show whether or not your password is good or bad, it doesn't actually mean it would take that long. Also this is just a "desktop computer" this isn't GPU powered, bot nets, super computers etc. Just remember be careful and not stupid.
commentator8 Mar 5th 2011 5:56PM
At one point I made passwords by including a digit (if allowed) made by holding down alt and a series of numbers, e.g. alt-54444 you get ¼ or a Chinese character (if in the address bar of Chrome) etc.
Not sure if this means much, but this site doesn't seem to register any additional time if you do this or use a regular lowercase letter.
Xeno Mar 5th 2011 7:01PM
About 7 septillion years - hahaha, beat that #####!
Xeno Mar 5th 2011 7:06PM
@Xeno - you know what really cracks me up; people who use 'password'.
nathanjdillon Mar 7th 2011 4:54AM
@Xeno Well mine says infinity!!!
mail Mar 5th 2011 10:26PM
That is a good website to know how secure your password is. General rule to make any password strong is not to use dictionary words like "rabbit". And to mix and match using upper and lower case letters along with numbers. And if you are adventurous, you can also mix in some special characters like $, @, etc
How to never forget your passwords ever again
SilverWave Mar 6th 2011 7:06AM
But no matter how good...
...if you reuse this strong password at multiple sites
it may as well be password123
It only takes one website hack and bad storage practices and they have the key to all your sites.
Also you may think that you have a clever scheme to generate different passwords based on a base word or part of the web address but one hack as above and your scheme is laid bare for all to see.
The only good password is a random password that you use for NOTHING else... pity they are so painful to use ;-)
2 factor authentication is the only real security.
Google are doing well here.
Kevin Mar 6th 2011 10:25PM
'abcdefghijklmnopqrstuvwxyz' would take 19 Sextillion Years to crack. Looks like I have my new password.
JimDunlop Mar 7th 2011 1:23AM
Many commenters are forgetting that this service ONLY emulates a brute force style attack. There are far more elaborate ways to extract passwords from an encrypted hash that don't rely on simple trial & error...
Sheer length means nothing. There are some wicked algorithms out there that are pretty impressive.
For instance, any time you use a character more than once in your password may give a hacker a small clue. Having your password a certain number of characters in length may also affect the hacking speed and ability...
I remember having a conversation about this with a friend who has done some cryptography work. I told him that I used an entire Bible verse as one of my passwords -- good luck hacking that! But he told me that knowing THAT FACT ALONE would make hacking it fairly easy, as it would be possible to construct the correct algorithm for the job.
I find this site to be far more reflective of password strength, as it assigns points for each element of security, then adds and subtracts them based on certain criteria.
http://www.passwordmeter.com/
Here is an excellent set of myths regarding passwords: http://www.symantec.com/connect/articles/ten-windows-password-myths
SugarDaddy Mar 7th 2011 12:42PM
@JimDunlop
Also, this site could be harvesting passwords to add to the rainbow tables.
Xeno Mar 7th 2011 6:29AM
@nathanjdillon - suffering succotash! now don't that beat all!