Is your password safe?

This has been the big question of security for many years. You are told repeatedly that this is critical. Beyond the injunction not to trust anybody with your valuable password(s) and not to write them down, it is interesting to know what would happen if a hacker tried to crack your password with minimal knowledge (the brute force attack, as the experts know it).

Password crack chart

One Man’s Blog has an interesting article explaining how easy it is to crack most passwords. The table above gives a rough idea of the frailty of most short passwords. 8 characters all in lowercase are found in around 2 days. I hope that your data is not worth more than this small effort…
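To show how such a chart scales with length and character variety, here is an added example (not from this post or from the One Man’s Blog article) that estimates the worst-case exhaustive-search time for a password. The guess rate is an assumption back-derived from the single figure quoted above (8 lowercase letters in about 2 days), and all function names are illustrative.

```python
import string

# Assumption: a constant guess rate, back-derived from the figure quoted in
# the post (8 lowercase letters exhausted in about 2 days). Not from the chart.
SECONDS_PER_DAY = 86_400
GUESSES_PER_SECOND = 26**8 / (2 * SECONDS_PER_DAY)

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Smallest alphabet a brute-force search must cover for this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (space, accents) count one each.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)

def days_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case days to try every candidate of this length and alphabet."""
    if not password:
        return 0.0
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / rate / SECONDS_PER_DAY

def human(days):
    """Render a duration in the unit a reader would expect."""
    if days < 1:
        return f"{days * 24:.1f} hours"
    if days < 365:
        return f"{days:.1f} days"
    return f"{days / 365:,.0f} years"

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    samples = ("abcdefg", "abcdefgh", "Abcdefgh", "Abcdefg1",
               "Abcdef1!", "abcdefghijkl", "correct horse battery")
    for pw in samples:
        print(f"{pw!r:26} alphabet={alphabet_size(pw):3} "
              f"worst case ~ {human(days_to_exhaust(pw))}")
```

Each added character multiplies the search time by the alphabet size, which is why length does more than swapping one letter for a digit. A password found in a leaked list or dictionary falls far faster than this worst-case figure suggests.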

At the minimum, never reuse the same password on different web sites and for different usages.

Note: For once, I will advise you to use a Microsoft tool. Password Strength Tester freely evaluates the strength of your password.

2 comments

  1. Hello,
    I happened upon this post and thought I’d butt in (sorry).

    What you need is called a Password Manager. All that is, is a place where you can store and organize all of the logins, passwords, codes, registrations and even things like frequent flyer numbers and whatnot.

    You only have to remember the password to get into your organizer, then you can forget the rest of them because you can just look them up – it makes life SO much easier.

    By getting your passwords safely stored and organized, you can make them as ludicrously long, complicated and senseless as need be, without having to commit them to memory.

    By using an online service, you can access your passwords 24/7, even when you’re on the road (and without toting around a USB key chain).

    Here is an online vs. offline comparison:
    http://passpack.wordpress.com/2007/01/29/online-vs-offline-password-managers/

    Cheers,
    Tara
    PassPack Founding Partner

  2. Personally, I don’t like the idea of betting on a single password storage, but the idea is a good one (I do use a Palm PDA to store all of my passwords just for this purpose).

    The important idea is to ensure that you have a good backup of that password vault (if it breaks down, all is lost).

    And more importantly, I would not trust an external company to handle all of my personal passwords (most of them would behave 100% ethically, but one single accident would be too much for my comfort). It’s a choice to be made.

    Yves
    PS: Thanks for the link.
