Why password strength matters

Posted by zeth 1337
April 23, 2006

If you're new here, you may want to subscribe to the newsletter or RSS feed. Thanks for visiting!

I read an interesting article demonstrates the value of strong passwords. Many people see passwords as obstacles to what they need, rather than the security mechanisms that they really are. Treat your passwords like your front door locks, like your social security number, and like your debit card; they all deserve healthy respect.


The article demonstrates the maximum time five different attacks would take to crack various passwords. The five attacks are differentiated by the computer speed and number of computers participating in the attack.

I find it ironic that passwords comprised of only four numbers (no letters) can be instantly cracked by even the slowest single processor. Shouldn’t our debit card PIN numbers be made at least six digits? However, even a six digit password gets cracked in a minute and a half by the slowest computer.

Using six mixed upper and lower case letters appears to increase the crack time to 23 days for the slowest computers, but only about 3 minutes on the fastest computer/cluster you could expect to be attacked with.

It appears using an eight-digit password comprised of numbers, upper case letters, and lower case letters is one of the strongest passwords. It gets cracked in 25 days by the fastest attack method and 692 years by the slowest.

The article points out that using special symbols (i.e. $, %, &, *) create even greater variations, but I shy away from using these. Symbols are often significant to many computer languages, and when they appear in some passwords they can potentially bug and crash software. Done carefully they may not, but my policy is to stick with the previous method.


The problem is we are human, and we more easily remember “joebob” rather than “mfTiAI06″. The secret to creating strong yet easily remembered passwords is to think of phrases meaningful to you, then use the first letter of each word. “mfTiAI06″ is meaningless to anyone but the person who knows that “my favorite Television is American Idol ‘06″.

I like to make my passwords from little motivational phrases, like “I am going to perform my best today” which can become passwords like Iag2pmb2d. Then you are motivated and positively reinforced throughout the day. Each time you must enter your password becomes less a chore and more a positive experience.

Privacy Protection, Technology Tips

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments

No comments yet.

Leave Your Comment
Our Community's Comment Guidelines:
  1. Please stay polite and on topic.
  2. Your email will never be published.
  3. No profanity or euphemisms for profanity.
  4. No personal attacks, name-calls, put-downs, or baiting other guests, races, genders, or religions.
  5. Express opinions, facts, logic, and reasoning; just don’t argue for argument’s sake.
  6. No commercial links (unless absolutely relevant to the discussion) and no religious proselytizing.
  7. No religious discussions (for or against). Go to http://religiondebates.blogspot.com for religious discussions.
  8. Use the "I" word as much as possible to demonstrate responsibility.
  9. Limit yourself to using one name per thread to demonstrate responsibility.
  10. If you think a comment is inappropriate, ask Joe to review it.