Passwords: hard to remember, easy to break
Posted on 12 Apr ’12 by Earl Moore
I’ve been on the Internet a long time and have seen the major changes and improvements. However, the threats have also changed and become more advanced and dangerous as well.
Almost everywhere you do commerce or store personal information requires a User ID and Password to gain access. In the beginning of my Internet “career” I used very simple passwords that were easy for me to remember and were quick to type. I didn’t think much about anyone else trying to get access to my accounts — heck, are any of you old enough to remember your parents leaving their door unlocked and ground-floor windows open at night? I do.
The situation is totally different today with hacking software that allows someone to break your password quickly using a standard PC. There is a handy and safe Internet site “How Secure Is My Password?” which will test your passwords and tell you approximately how long it would take a PC to break or guess your password. Try it out — it’s a real eye-opener!
Over time my passwords have evolved, reflected by how long “How Secure Is My Password?” shows it would take to break them.
- xxxxxx – one of my first passwords, 6 characters, letters & numbers, easy to remember – 8 seconds to break.
- xxxxxxxx – one of my second generation passwords, 8 characters, letters, easy to remember – 13 minutes to break.
- xxxxxxxx – one of my third generation passwords, 8 characters, letters & numbers, a little harder to remember and type – 3 hours to break.
- xxxxxxxxx – one of my fourth generation passwords, 9 characters, same as 3 above with special character added – 108 days to break.
- xxxxxxxxxxxxxxxx – fifth generation password, 16 chars, letters & special characters including spaces, a phrase easy to remember – about 1 trillion years to break.
The main factor seems to be the length of the password but longer passwords, especially with special characters, are harder to remember.
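An added example, not from the original post and not the method used by “How Secure Is My Password?”: a local estimate of the exhaustive-search keyspace for passwords shaped like the five generations above, which shows why length outweighs extra character classes. The guess rate, the sample passwords and the 100-symbol class for non-ASCII characters are assumptions, and the figure is an upper bound for brute force only; dictionary words and common phrases fall much faster than it suggests.

```python
import math
import string

# Assumption: offline guesses per second for one attacker; not the site's figure.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Character classes; each one present adds its symbols to the search alphabet.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",   # 32 punctuation symbols plus the space
)
KNOWN = set("".join(CLASSES))
OTHER_CLASS_SIZE = 100  # assumption for characters outside printable ASCII

def alphabet_size(password):
    """Size of the smallest class-based alphabet that contains the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    if any(c not in KNOWN for c in password):
        size += OTHER_CLASS_SIZE
    return size

def brute_force_bits(password):
    """log2 of the exhaustive-search keyspace: length * log2(alphabet size)."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate of this length and alphabet at the given rate."""
    return 2 ** brute_force_bits(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"

# Constructed samples shaped like the five generations in the list above.
SAMPLES = ["abc123", "sunshine", "sunsh1ne", "sunsh1ne!", "my dog ate it!!!"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:20} len={len(pw):2} alphabet={alphabet_size(pw):3} "
              f"bits={brute_force_bits(pw):5.1f} "
              f"worst case={humanize(worst_case_seconds(pw))}")
```

Because the estimate runs locally, a real password never has to be typed into a third-party page to get it.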
I read somewhere we’ve reached a point in time where our everyday passwords are almost impossible for us as human beings to remember but easy for computers to break. Often, in order to remember them, we have to write them down. Doesn’t make sense, does it?
A simple phrase with “spaces” or “numbers” allowed seems to be the coming trend for highly secure passwords you can actually remember (and type). Recently I’ve been changing to this type of password for many of my accounts I use online.
The ironic thing is two of the banks I use for online banking, Bank of America and Wells Fargo, have more restrictive password policies which restrict the use of my fifth generation type of passwords. Go figure — accounts I most want to secure make it more difficult to have a password as unbreakable and as easy to remember as my personal WordPress blog logon.
Life — it’s a hoot!