How strong is my password?

The faster processors like CPU’s and GPU’s become, in addition to using them for byzantine calculations like orbital mechanics, finding the largest prime number ever, bitcoin mining, economic theory, and figuring out how many angels can dance on the head of of a pin, more hackers will use them to try to crack your password.

I’ve written about strong passwords before, but it becomes more and more important almost with each passing month to make sure that your personal data – financial records, credit card numbers, birth date, Medicare numbers, bank accounts, and the like – stay safe. Because the bad guys want them. And there are more bad guys than ever. And they are worse than ever. Since August 26, 2020 there have been four separate attempts to access my Microsoft account from Turkey, Belarus, Thailand, and an unknown location – fortunately all unsuccessful because my password is relatively strong.

I just did another comparison for the sake of not being able to sleep at 2AM, and because that’s the rabbit hole my mind decided to go down. There is a website named, just like the title of this post, “How Secure is my Password?” and using it will tell you how easy it is for a computer¹ to crack your password by brute force (that is, just trying every possible random combination of numbers and letters and such).

Some examples:

PasswordTime required to crack
mW_37UmK4B),b(L}41 trillion years
Hotmail%23464321 BYZ3 Sextillion Years
Choice Berry Worthless Kaboom300 Decillion Years²
passwordinstantly
George400 milliseconds
(about 1/2 second)
my dog butch54 years

The lesson is hidden in the patterns. Random collections of numbers, letters (upper and lower case), and special characters are good. A lot better than dictionary words. Adding spaces is better. But using a sequence of four random words separated by spaces is still best of all, and are often easier to remember (see this XKCD comic for reference).

Regardless of what system you use, our online existence requires an increased use of passwords. Some people have hundreds that they use, and of course it’s always recommended to use a different password for each account – because if you don’t and a bad guy gets one, he can get into everything that you have used that password for. As a result, some sort of a password vault or storage system is a good idea. Keeping your passwords in an encrypted file works, but you have to remember one master password to get into it, and you need to make sure that one master password is a strong one. Other solutions are available online – you can check them out and decide which one best meets your needs.

But remember that the takeaway here is “frustrate the bad guys: always use strong passwords.”

The Old Wolf has spoken.


Footnotes:
¹ I have no idea what the computing power of that hypothetical device is – whether it’s an 80168, or a core i7, or some insanely fast GPU, or the Summit supercomputer delivering 148.6 petaflops. So the numbers given need to simply be looked at in terms of relativity. A password that will be cracked in 3 microseconds is going to be far weaker than one that takes a trillion years.

² 300,000,000,000,000,000,000,000,000,000,000,000 years, in case you were wondering.

One response to “How strong is my password?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s