This is the most glossed-over but probably the most important subject in IT. Simply put, if you have an easy-to-crack password then it will, not may, cost you possibly* thousands of your hard-earned money (*account balance allowing).
To prove that point, we have cases of an international company whose emails were hacked in the cloud and their bank paid out £14,000. In another, a firm acted on a bogus email and proceeded to pay out £127,000. The reason was down to a weak password.
Playing with P@ssw0rd$
At cmx computing we have been playing with passwords using a free commercial password strength checker from one of the big anti-virus companies. The results will definitely surprise you.
The system works out how long it would take to crack a password using a reasonably powerful home computer, so “Password1” would take less than a second and “.2l5 20nm05u2v 5j2v552i2m-9” would take more than 10,000 centuries.
Toughest all round
The toughest passwords apparently contain a random collection of letters, numbers and characters. “DdFGGrgeE” would take 2 years to crack, and adding a random number to make “DdFG3GrgeE” changes that to 300 years. There are two problems: it’s hard to remember and slow to type in.
So most people opt for what they think is the clever password, using a system known as “Leet”, where a letter is replaced by a number it looks like, usually 1 for L, 3 for E and so on. Even with a twist, P@55w0ed will take 14 hours. This is not that much faster than previous methods. (The twist was that the “r” was replaced with “e”.)
Here at cmx we have been trying to find something that’s easy to remember, unique and quick to type in while still being hard to crack quickly.
The password solution.
The quick answer is don’t have one! Remember the old black and white spy films from the 1950s, where the agents meet in Red Square and use pass phrases? “The wind blows from the east in January” – that would take 10,000,000+ years to crack. It’s a bit long, so how about “Susan has 2 red shoes and 3 black”? Same high rating, but it’s a bit long. We tried “3 Green 2 Blue” and that got 3,000 years.
So what’s the answer to the best password?
The ideal password is easy to remember, quick to type and hard to break. We decided the ultimate answer was this: “3 Green 2 Blue socks”. It ticks all the boxes and will take over one thousand centuries to crack using an Intel Core i7 home computer. That’s food for thought, isn’t it?
Or is this your idea of passwords? We have tried to obscure the obvious; our blog is read by all ages!
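To see why length beats Leet tricks, here is an added example (not the checker's own code, and not from the original post) that estimates brute-force time for the passwords discussed above. The guess rate, the mini common-password list and the function names are assumptions made for illustration, and “P@55w0rd” is a constructed sample, so the figures will differ from the checker's.

```python
# Assumptions for illustration only (not the checker's algorithm or settings):
GUESSES_PER_SECOND = 1e9                 # offline guess rate of one home computer
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed mini-list standing in for a real common-password dictionary.
COMMON = {"password", "password1", "letmein", "qwerty"}

# "Leet" look-alike characters mapped back to the letters they imitate.
LEET = str.maketrans("@4310$57", "aaelosst")

# Character classes and the alphabet size each adds to a brute-force search.
CLASSES = [
    (str.islower, 26),
    (str.isupper, 26),
    (str.isdigit, 10),
    (lambda c: not c.isalnum(), 33),     # ASCII punctuation plus space
]


def charset_size(pw):
    """Alphabet size a brute-force search must cover for this password."""
    return sum(n for test, n in CLASSES if any(test(c) for c in pw))


def is_dictionary_like(pw):
    """True if pw, or pw with Leet substitutions undone, is on the common list."""
    lowered = pw.lower()
    return lowered in COMMON or lowered.translate(LEET) in COMMON


def years_to_crack(pw):
    """Average years to brute-force pw; 0.0 when a dictionary guess finds it."""
    if is_dictionary_like(pw):
        return 0.0
    keyspace = charset_size(pw) ** len(pw)
    return keyspace / 2 / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ["Password1", "P@55w0rd", "P@55w0ed", "DdFGGrgeE", "DdFG3GrgeE",
               "3 Green 2 Blue", "3 Green 2 Blue socks"]:
        print(f"{pw!r:24} {years_to_crack(pw):.3g} years")
```

The character-by-character figure is an upper bound: a phrase made of common words can also be guessed word by word, so its real resistance is lower than the number printed.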