Wednesday, November 12, 2008

How strong is your password?

Kind of a Dirty Harry question, eh? This is, after all, what grants the keys to the kingdom. Forget Metasploit: password guessing is the easiest way to get into a computer (including yours).

Quick rules for a good password:

Complete words are a no-no. People try to guess these. Some words (your user account name) are double plus ungood.

Make sure there's a mix of upper case, lower case, and numbers or special characters (like punctuation). The password has to match character for character, so having hard-to-guess characters is A Good Thing.

Using a passphrase is a good idea. If you take the first letter from each word in a sentence that you can remember, you'll typically have a strong password. For example, "It is a far, far better thing I do than I have ever done before." gives you a password of Iiaf,fbtIdtIhedb. That's one heck of a password there, Scooter.

Test your password strength. Handy calculator here. Don't get too excited about the number, as long as it's decently big.

So, Ted, how'd your password do? Thought you'd never ask:
Your password is 12 characters long and has 117,451,023,583,608,832 combinations.
It takes 427,284.33 hours or 17,803.51 days to crack your password on computer that tries 137,438,953,472 passwords per hour. This is based on a typical PC processor in 2008 and that the processor is under 10% load.
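
An added example (not part of the original post or the linked calculator): it builds the first-letter password from a sentence, checks it against the quick rules above, and estimates brute-force time at the guess rate quoted in the calculator output. The function names, the sample word list, the account name `ted`, and the rule for which punctuation is kept are assumptions; the calculator's own counting method is not shown on the page.

```python
import string

# Guess rate from the calculator output quoted in the post (passwords per hour).
GUESSES_PER_HOUR = 137_438_953_472

def acronym_password(sentence):
    """First character of each word. A trailing comma, semicolon or colon is kept;
    sentence-ending punctuation is dropped (assumed rule, matches the post's example)."""
    out = []
    for word in sentence.split():
        out.append(word[0])
        if len(word) > 1 and word[-1] in ",;:":
            out.append(word[-1])
    return "".join(out)

def rule_violations(password, username, wordlist):
    """Check the post's quick rules; returns a list of problems (empty = passes)."""
    problems = []
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains account name")
    if any(w.lower() in lowered for w in wordlist if len(w) >= 4):
        problems.append("contains a complete word")
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_other = any(c.isdigit() or c in string.punctuation for c in password)
    if not (has_upper and has_lower and has_other):
        problems.append("needs upper case, lower case, and a digit or special character")
    return problems

def combinations(password):
    """Brute-force search space: (size of the character classes used) ** length."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return pool ** len(password)

def average_hours(combos, rate=GUESSES_PER_HOUR):
    """Average case (half the space searched), which is how the quoted output
    gets 427,284.33 hours from 117,451,023,583,608,832 combinations."""
    return combos / 2 / rate

if __name__ == "__main__":
    # Sample word list and account name are constructed for the example.
    pw = acronym_password("It is a far, far better thing I do than I have ever done before.")
    print(pw, rule_violations(pw, "ted", ["password", "dragon"]))
    print(f"{combinations(pw):,} combinations, {average_hours(combinations(pw)) / 24:,.0f} days")
```

The figure is a brute-force upper bound: it assumes every character is chosen at random, which a first-letter password built from a well-known sentence is not.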

EDGE said...

I think my password is pretty strong...but if anybody figures it out I'm pretty screwed.