Uncrackable Passwords

Cybercrime Awareness

Today, we are all aware of the cyber threats.  We have read about it, or the IT office keeps sending us phishing information,  or heard of an acquaintance that has fallen victim to identity theft.  But what we do not understand is that we can also fall prey to those hackers, if we do not do our part.

I have always been a loyal follower of the rule passwords must contain a combination of letters, numbers, and special characters.  In those years, I believed for so long that what I have are very strong passwords, or so I thought.  Just a few weeks ago, my Facebook account was compromised and I was locked out.  This experience made me realize that 1.) my password was not secure after all; and  2.) the first level of defense against these cyber attacks is coming up with a really strong password that is hard to crack.

The next thing to do is to differentiate the weak one to a strong one.  And who else should I ask on how to do it?  Of course, the ever reliable Google!  After searching  password checker, I was introduced to this brilliant site, Password Checker Online.   What makes this site helpful is how it analyzes each password by informing the user:

  • If the password is in the top 10,000 frequently used ones
  • Cracking time estimate; and
  • Dictionary attack check

I tried typing in a usual password like 12345678910 and the results says that the longest time that this password can be cracked is about 17 minutes, using a standard PC and can be hacked by a medium botnet instantly!  This is not  also a safe word combination based on the dictionary attack check, obviously.

Then I played around with something that I think would be a good password.  Since my little girl loves Mary Had A Little Lamb, I got it’s first letters, like this:

Mary had a little lamb its fleece was white @s $now
Mhallifww@$

Although a standard PC would take about 6 million years to crack this, a medium-size botnet,however, can decipher it in just 6 months!

To make it more invulnerable, I finished the stanza:

and everywhere that Mary went the lamb was sure to go
Mhallifww@$aetMwtlwstg

Guess what, it will take 8 octillion years for a standard PC and 8 sexctillion years for medium size botnet to crack this password!  Perfect!

After playing around with this site, I learned that a password should:

  • Be a combination of uppercase letters, lowercase letters, numbers and special characters.
  • Be 12 or more characters
  • Not be a dictionary term
  • Not a name or address
  • Not any data important to you, such as social security number, phone number, etc.
  • Be unique in every site account
  • Not be recycled

Frequency on the change of password

Experts’ opinions are divided with regards to  how often passwords should be changed.  Others say that it should changed every month, while others believe that it should be changed only once a year.   However, I was told that this should be changed:

  • Every 6 months for passwords less than 10 characters
  • Every 12 months for more than 11 characters

Now that you have a strong but long password, the next problem will be how to memorize it all.  That would be in the next article…

Be the first to comment

Good ideas shouldn't wait. Share your thoughts.