Tips for Strong Passwords

Do you use strong passwords?  Are you sure?  They are the key to keeping your information safe and secure.  Since strong passwords are so important, a basic understanding of what constitutes a difficult to hack, strong password is essential.

A strong password should be long.  It should not be comprised of one word or a word followed by digits, dates or special symbols.  It really shouldn’t be an easy number combination like 123456.  Names, places and individual words in any dictionary should be avoided.

Why? Password hackers use dictionaries and names first.  Then, they tack on digits, dates and special symbols in an attempt to crack a password.  By the way, they use dictionaries in all languages, so don’t become complacent with your easy password in French or any language other than English.  Hackers will use a computer to accomplish this brute force hacking technique, so each attempt only takes milliseconds.  Easy word and numeric combinations can be cracked in seconds to minutes.

Online-Domain-Tools.com has a password checker that provides an estimate of the amount of time it would take a brute force attack to crack a password.  Here are some estimates from this site:

1234 – is a top 1000 password.  It will be cracked in 0 seconds

123456789 – also a top 1000 password.  It will be cracked in 0-10 seconds depending on computer speed.

ILOVEYOU – Still a top 1000 password, but longer.  Depending on computer speed, it will take 0 seconds to 35 minutes to crack.

Here are some strategies for a strong password:

  • Pick a long phrase
  • Substitute certain letters with characters or numbers

Using the password checker from Online-Domain-Tools.com, let’s break down a phrase word by word to see how much more difficult it is to crack with the addition of each word or symbol.  The phrase will be “My Golden Retriever is Lucy”.

passwords

  1. My – 0 seconds
  2. MyGolden – 1 second to six days, depending on computer speed
  3. MyGoldenRetriever – 573 million to 573 trillion years
  4. MyGoldenRetrieveris – 2 trillion to 2 quintillion years
  5. MyGoldenRetrieverisLucy – 11 quintillion to 11 septillion years

As you can see, longer is better.  To make this phrase even stronger, substitute a number of symbol for 1 or two letters.  For this example, let’s use an @ sign for “G” and a 4 for “R or r”.

  • My@olden4etrieve4isLucy – 874 septillion years to 874 nonillion years.

That’s a pretty strong password.  It must be as I don’t even know how many zeros are in a nonillion.

 

Another strategy that may be used is to pick a phrase and only use the first letter of each word in the phrase.  Then, substitute numbers of special characters for certain letters.  Continuing with the above example, we’ll make the phrase a little longer.  The phrase will be:

  • My Golden Retriever is Lucy and she is a good dog

When we only use the first letter of each word, the password becomes MGRiLasiagd.  This password alone is not very strong.  According to the password checker at Online-Domain-Tools.com, the time to crack it is shown below.

  • MGRiLasiagd – 21 hours to 29 thousand years, depending on computer speed.

However, if we substitute a ! sign for each “i” and a @ sign for each “a”, the password becomes much stronger.

  • MGR!L@s!@gd – 40 years to 476 million years depending on computer speed.

A longer password is a stronger password.  The preferred method is a long phrase with the substitution of numbers or special characters for certain letters in the phrase.  Using the first letters of a phrase and substituting numbers or symbols for certain letters is not as preferable nor as strong as the use of a long phrase.  However, it can make an effective password (40 years is still a long time).

The key takeaways are to make your passwords long and don’t use one-word, easy passwords.  Never, ever use a password like “abc123”.  It’s easily guessed and can be cracked in seconds.