Better passwords: You, me, and qwerty

/in /by

better-passwords

I’m going to share a magic trick with you that will cause some of you to do a double take. I’m going to guess the password that you use to login to Facebook, your email, or maybe even your computer.

Ready? Here goes:

Is it –

  • password
  • 123456
  • qwerty
  • abc123
  • letmein
  • monkey
  • password1
  • (your first name)

Did I shock some of you?

In reality, I hope that for most of you I didn’t guess correctly. But statistics say that over 90% of people reading this article will use a weak password somewhere at sometime, many of which are in my list.

And hackers are betting on it.

Let me be frank with you. You want to be safe online, don’t you? You might think that because you are just the average person going about your business, that because you aren’t employed by a big corporation or government agency, you aren’t a target. Not so. No matter who you are, hackers want a piece of you.

What’s a bad password?

The worst possible password you can have is a short dictionary word, meaning a word that can be found in the dictionary. For example, let’s use “orange” as our password, without the quotes – just plain orange. A hacker will use a dictionary attack to find your password, trying every word in the dictionary until he gets your password. You may think that this will take him or her quite a while. How many words are before orange in the dictionary? What you must keep in mind is that the hacker won’t be doing the dictionary search, his computer will. And it’ll run through the dictionary in a matter of seconds.

Gibson Research Corporation (GRC) has put together a fantastic web page that shows the length of time it would take a hacker to find a password. Using the best scenario possible, they suggest that a hacker could get our password “orange” in 0.00000321 seconds.

What’s a good password?

I’ll give you a password that is virtually unbreakable:

02=ot5F%WhJV|Kyc9qZn7S{maxE#Gs8zgrDP,A*_34Cb16`lU

Seriously. Try hacking into that one. GRC says it would take 26.03 trillion trillion trillion trillion trillion trillion centuries to guess it. The problem with it? You’ll probably never use it because you can’t type it without going cross-eyed, never mind remember it.

For the average user, a great password will contain:

  • One upper case letter
  • One lower case letter
  • One number
  • One punctuation mark or symbol
  • And the longer it is, the better

Let’s start by making our password longer. How do we do that?

  1. We select another random word to go with it. Let’s use “doctor”. Now our password is orangedoctor, and already we have made a big leap forward – it would take 16.54 minutes to figure that one out.
  2. Make one letter upper case. We’ll go beyond that and make it two upper-case letters: OrangeDoctor. We’re now at 1.52 months to hack.
  3. Add in a number, and keep it in the middle for even more protection: Orange4Doctor. Time required to solve? 64.65 years.
  4. A simple punctuation mark, like a comma: Orange4,Doctor

It would take a hacker 15.67 thousand centuries to crack that password.

You’re done! You have a password that you can remember, you can type relatively quickly, and one that is infinitely safer than “orange”. You’ve made the hacker’s job much more difficult by creating a password that is exponentially more complex than monkey, your first name, or the first name of your child, or the name of the street you grew up on.

Try it – create your own, change your Facebook or email password to it, and see if you sleep a little bit better tonight.

James Blackburn is the owner of The Techno Dorks! An Edmonton computer repair company