Securing Your Passwords

Written By: Nate Davis

Do you often get frustrated because you don’t remember your password? Has there been times when setting up a new password that you find you need to add a ‘special character’? We have all been there, and it is frustrating.

Recently I was given a password protected file that needed to be unlocked. The owner of the file didn’t know the password. They had an idea but couldn’t seem to get it to work. It was critical that we figured out the password, so I started to search for some sort of brute force password utility. For those readers who don’t know, a brute force password cracker is a computer program that uses a dictionary of words (generally around 40 million possible words) and tries plugging them in against the file. Generally, these password utilities replace “O’s” with “0’s”, and “L’s” with “1’s” to try all possibilities.

I found a brute force password cracker and began running it on the locked down file. The computer I was running it on had a very good video card, and as such, was able to try 30,000 passwords per second. So, within about 10 minutes it had found the correct password for the locked down file.

So this got me thinking, what makes a password secure against a dictionary or brute force attack? How secure are my passwords?

After doing some research I learned that it’s the length of a password that makes it more secure, and not necessarily the complexity of the password. So for example, let’s say we used the following password: “complex”

The site you enter it into says you need a capital letter, a lowercase letter, a symbol and a number. Ok, here we go: “C0mpl3x!” Pretty secure right? Turns out not so much.

With an 8-character password that was completely random, such as that example, it would take your standard computer at home 9 hours to figure it out. If you have a super computer, it could be found in minutes. Either way, your password is not as secure as you would think.

So, what can we do to make our passwords more secure? Turns out the easy solution would be adding more characters onto the password. For example: “Itreallyiscomplex!1”

It would take a computer 552 QUADRILLION YEARS to go through all the possible combinations to find your password. When working to protect your password, it’s the length that matters. The longer your password is, the harder it is for a computer to figure it out.

One recommendation for creating a more secure password would be to pick 4 words that may or may not have meaning together. For example: “apple”, “pie”, “sky”, “in”, “the” Then put them together, “Applepieinthesky!”

Now you have an easy password to remember, and it would take 52 quadrillion years for a computer to crack your password.

So, when creating a new password, pick a few words and put them together in an order that has meaning to you. Then add a capital letter, a number and a symbol. You now have a password that will be easy to remember, but highly secure in protecting your valuable information.

If you want to know how long it will take for someone to crack your password, check these sites out...