Do you think your passwords are sufficiently strong? I think most people do. I suspect that the longer a person goes without a problem, the more likely she is to think herself safe. I know that's the case with home security—it's been proven that most folks think their homes are impenetrable, when the reality is that they can very easily be breached, so why wouldn't that be the case with the services and programs we use--that form our "home" online?
I think it’s worth checking, just in case. We hear stories every day of companies and individuals who have accounts hacked and passwords cracked. A friend’s husband who is a security consultant tells me that it’s not a matter of “if,” but a matter of “when.” Gone are the days that looking at the Internet through rose-colored glasses is ok. Today, it's a matter of personal responsibility to do all you can to keep yourself safe.
I recently decided to check the strength of some of the passwords I use that I believed were pretty strong. I used HowSecureIsMyPassword.net to do it because it not only says whether a password is weak or strong, but it also tells you how long it would take someone using a PC to crack the password. Although what I found wasn’t really scary, in playing around, I sure learned a whole lot about how easily passwords can be made stronger.
To create an example for today’s post, I decided to check to see how quickly the password “giraffes” could be cracked. Know how fast? 52 seconds. Shorter words were cracked instantly.
I'd heard a suggestion for making strong passwords that could still be remembered—which is to take a word or at least eight characters, and add the initials of the service or thing it would be protecting in capital letters on the end. I decided to give that a go—in our case, that would be giraffesVM (for Virtual Moxie, of course). Interestingly, that got us to one year before the password was cracked. Better, but I still wasn’t feeling it.
So I decided to add a punctuation mark. I changed it to giraffesVM, (the comma was the punctuation mark I used) and guess what… 1,000 YEARS.
And just for good measure, I added a period (giraffesVM,.), which netted me 130,000 years.
It occurred to me that maybe the fact that the comma and period sit next to each other might make that combo less secure than two characters with some space between them, so I tried that, changing the period for an exclamation (giraffesVM,!) and that gave me 1,000,000 years.
Such little tweaks that seem to make such a big difference. I said "seem" because it's unclear to me that anything really makes a password “safe enough.” I mean, in my imagination, a hacker would get tired of screwing with a person after a couple of hours, max. I imagine no hacker would be trying 1,000 years later, much less 130,000 or 1,000,000. And yet I admit that I absolutely don’t know that a serious hacker, with serious hacking tools, couldn’t blow through my million years in a few minutes. Maybe there simply isn't a way to be "safe enough." Still, can it hurt to make passwords super strong, when all it requires of us is a couple of extra keystrokes? I’m guessing not.
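An added example, not part of the original post and not the checker's own code: it computes the character-pool estimate that strength checkers of this kind typically report, next to a count for a guesser who assumes the "word + capital initials + punctuation" pattern described above. The guess rate, the character classes and the 100,000-word list size are assumptions; the checker's real handling of symbols is not known, so the punctuation rows will not match the figures quoted in the post.

```python
import string

# Assumption: guesses per second, picked so that "giraffes" lands near the
# 52 seconds quoted in the post (26**8 / 4e9 is about 52 s).
GUESSES_PER_SECOND = 4e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption: size of the word list a pattern-aware guesser would try.
WORD_LIST_SIZE = 100_000

# Character classes a pool-based checker might count (assumed grouping).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def pool_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_guesses(password):
    """Worst case if every position were a random character from the pool."""
    return pool_size(password) ** len(password)


def pattern_guesses(initials, symbols, words=WORD_LIST_SIZE):
    """Worst case if the guesser assumes word + capital initials + punctuation."""
    return words * 26 ** initials * len(string.punctuation) ** symbols


def seconds(guesses):
    """Time to exhaust the given number of guesses at the assumed rate."""
    return guesses / GUESSES_PER_SECOND


if __name__ == "__main__":
    # (password from the post, number of initials, number of punctuation marks)
    samples = [("giraffes", 0, 0), ("giraffesVM", 2, 0),
               ("giraffesVM,", 2, 1), ("giraffesVM,!", 2, 2)]
    for pw, initials, symbols in samples:
        pool_years = seconds(brute_force_guesses(pw)) / SECONDS_PER_YEAR
        pattern_secs = seconds(pattern_guesses(initials, symbols))
        print(f"{pw:14} pool estimate: {pool_years:12.3g} years   "
              f"pattern estimate: {pattern_secs:8.3g} seconds")
```

The pool estimate grows with every added character class, while the pattern estimate stays small because a dictionary word contributes far less uncertainty than its letter count suggests.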
Any way I slice it, this exercise was really eye-opening. If you decide to try it (and I hope you will!), let me know what you find out about your “usual” passwords and whether you chose to make them stronger!
And remember what Microsoft recommends: “ComplekspasswordsRsafer2013.” That, by the by, would take two undecillion years to crack. ;)
More info and ideas on creating strong, but memorable passwords are here: HowSecureIsMyPassword.org