Passwords: hard to remember, easy to break

Posted on 12 Apr ’12 by Earl Moore

Earl Moore Photography
Things Broken - Urban Decay, Salisbury, NC

I’ve been on the Internet a long time and have seen the major changes and improvements. However, the threats have also changed and become more advanced and dangerous as well.

Almost everywhere you do commerce or store personal information requires a User ID and Password to gain access. In the beginning of my Internet “career” I used very simple passwords that were easy for me to remember and were quick to type. I didn’t think much about anyone else trying to get access to my accounts — heck, any of you old enough to remember your parents leaving their door unlocked and ground floor windows open at night, I do.

The situation is totally different today with hacking software that allows someone to break your password quickly using a standard PC. There is a handy and safe Internet site “How Secure Is My Password?” which will test your passwords and tell you approximately how long it would take a PC to break or guess your password. Try it out — it’s a real eye opener! :-o

Over time my passwords have evolved, reflected by how long “How Secure Is My Password?” shows it would take to break them.

  1. xxxxxx – one of my first passwords, 6 characters, letter & numbers, easy to remember – 8 seconds to break.
  2. xxxxxxxx – one of my second generation passwords, 8 characters, letters, easy to remember – 13 minutes to break.
  3. xxxxxxxx – one of my third generation passwords, 8 characters, letters & numbers, a little harder to remember and type – 3 hours to break.
  4. xxxxxxxxx – one of my fourth generation passwords, 9 characters, same as 3 above with special character added – 108 days to break.
  5. xxxxxxxxxxxxxxxx – fifth generation password, 16 chars, letters & special characters including spaces, a phrase easy to remember – about 1 trillion years to break.

The main factor seems to be the length of the password but longer passwords, especially with special characters, are harder to remember.
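An added example, not from the original post or from the “How Secure Is My Password?” site: a brute-force time estimate of the kind described here, showing why length outweighs character variety. The guess rate, the short common-password set and the sample passwords are all assumptions made for illustration.

```python
import string

# Assumed attacker speed; the page does not say what rate the site uses.
GUESSES_PER_SECOND = 1_000_000_000

# Character classes and the size each adds to the search alphabet.
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]

# Constructed stand-in for a "top 10,000" list; a real check loads the full list.
COMMON = {"password", "123456", "11111", "qwerty", "letmein"}

UNITS = [("years", 31_557_600), ("days", 86_400), ("hours", 3_600),
         ("minutes", 60), ("seconds", 1)]

def pool_size(password):
    """Alphabet an attacker must cover, inferred from the classes present."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    # Characters outside the four classes (e.g. accented letters) count once each.
    extra = {c for c in password if not any(c in chars for chars, _ in CLASSES)}
    return size + len(extra)

def keyspace(password):
    """Number of candidates of this length over the inferred alphabet."""
    return pool_size(password) ** len(password)

def seconds_to_break(password, rate=GUESSES_PER_SECOND):
    """Worst-case exhaustive search time; 0 if a wordlist finds it first."""
    if password.lower() in COMMON:
        return 0.0
    return keyspace(password) / rate

def humanize(seconds):
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.0f} {name}"
    return "under a second"

if __name__ == "__main__":
    # Constructed samples shaped like the five generations in the list above.
    for pw in ["abc123", "sunshine", "sunsh1ne", "sunsh1ne!", "my dog ate a hat"]:
        print(f"{len(pw):>2} chars, pool {pool_size(pw):>2}: "
              f"{humanize(seconds_to_break(pw))}")
```

The figure is an upper bound on exhaustive search only: a password that appears in a leaked or common-password list falls on the first pass regardless of its length or character mix.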

I read somewhere we’ve reached a point in time where our everyday passwords are almost impossible for us as human beings to remember but easy for computers to break. Often, in order to remember them, we have to write them down. Doesn’t make sense does it?

A simple phrase with “spaces” or “numbers” allowed seems to be the coming trend for highly secure passwords you can actually remember (and type). Recently I’ve been changing to this type of password for many of my accounts I use online.

The ironic thing is two of the banks I use for online banking, Bank of America and Wells Fargo, have more restrictive password policies which restrict the use of my fifth generation type of passwords. Go figure — accounts I most want to secure make it more difficult to have a password as unbreakable and as easy to remember as my personal WordPress blog logon. :-(

Life — it’s a hoot!


What Others Are Saying

  1. Jeff 12 Apr ’12 at 2:08 pm

    I have been using LastPass for a while now and that seems to have solved my password dilemma. By using that program, I only have to remember 1 master password and it remembers the rest. I have the same password issue with banks that you have. It is pretty odd eh?

    • Earl 12 Apr ’12 at 2:32 pm

      Hi Jeff, I use a program similar to “LastPass” called “1Password” which does definitely help but I’m still slowly switching over to longer, more secure and easier to remember phrase passwords. The bank thing is odd. Thanks.

  2. Paul 12 Apr ’12 at 2:22 pm

    Hey, Earl, thanks for the write up and the link. I tried one of my passwords. It would take 928 years to break! Sweet. I think that I’ll stick with it and similar. When I worked for the government, down in South Carolina, they made us use some pretty strong passwords. They had to have upper and lower case letters, numbers, and special characters and be at least 12 digits long. Pain in the butt to remember, but pretty secure. I’ve adopted similar password schemes in my daily use, though not as long. I tried one of them that I used while there and the answer came out to 193 trillion years! Damn! Not worth the effort to try to crack that one! LOL

    • Earl 12 Apr ’12 at 2:37 pm

      Paul, realistically I think after a few hours, days, or weeks of processing without breaking a password a hacker would move on to an easier target…so 928 years or 193 trillion years — it’s all the same — ur pretty secure! ;-)

      There’s definitely easier targets out there…like those who would use their names or “11111” as passwords if allowed. I work with some of them. :-)

  3. Ken Bello 12 Apr ’12 at 6:13 pm

    I’m in the process of reorganizing passwords since some of them are many years old and I just never think about them. I’m definitely going to check out LASTPASS and 1PASSWORD as well. This is also a good time to delete some old accounts as well. Lots of valuable information. Thanks.

    • Earl 12 Apr ’12 at 11:03 pm

      Ken, I suspect you might find one of those password applications useful and I have some old accounts I need to delete as well. You’re right…a good time to do so.

  4. Ove 13 Apr ’12 at 4:29 pm

    Oh….okay. I tried and got the picture. Twice, that said; I also enjoy the photo you have published here. There’s something with brick walls…

    • Earl 13 Apr ’12 at 9:39 pm

      Thanks, Ove.

  5. Don 14 Apr ’12 at 11:24 am

    I like your idea for the very latest kind of password. I’m tired of passwords that are forced on me that I can’t remember. Writing them down seems like such a poor solution. Good information today!

    • Earl 17 Apr ’12 at 7:22 am

      Thanks, Don.

  6. Mark 15 Apr ’12 at 7:40 am

    Interesting site Earl. I liked the link at the bottom where it takes you to the security consultant’s site on the top 10,000 passwords used. Some pretty interesting and humorous data he posted.

    I have to wonder about the calculation method though. I remember the old movie days where they showed a password trying to be hacked, and the computer gave feedback one character at a time if it was correct. Of course that feedback doesn’t exist (not sure if it ever did?). But I do wonder about the logic they use in calculating the time period.

    These days, as long as you stay away from that top 10,000, and use a combination of letters/numbers, it seems you are more likely to have your credit card stolen from some company’s system security breach than you are to have someone hack in using your password.

    • Earl 17 Apr ’12 at 7:26 am

      Mark, seems I read somewhere that the logic for calculating the time period was simply one of brute force…a PC of a defined speed trying all the possible combinations. Totally agree it’s more likely you’d have a credit card number stolen…there’s usually more profit to that anyway. Thanks.
