The faster processors like CPU’s and GPU’s become, in addition to using them for byzantine calculations like orbital mechanics, finding the largest prime number ever, bitcoin mining, economic theory, and figuring out how many angels can dance on the head of of a pin, more hackers will use them to try to crack your password.
I’ve written about strong passwords before, but it becomes more and more important almost with each passing month to make sure that your personal data – financial records, credit card numbers, birth date, Medicare numbers, bank accounts, and the like – stay safe. Because the bad guys want them. And there are more bad guys than ever. And they are worse than ever. Since August 26, 2020 there have been four separate attempts to access my Microsoft account from Turkey, Belarus, Thailand, and an unknown location – fortunately all unsuccessful because my password is relatively strong.
I just did another comparison for the sake of not being able to sleep at 2AM, and because that’s the rabbit hole my mind decided to go down. There is a website named, just like the title of this post, “How Secure is my Password?” and using it will tell you how easy it is for a computer¹ to crack your password by brute force (that is, just trying every possible random combination of numbers and letters and such).
|Password||Time required to crack|
|mW_37UmK4B),b(L}||41 trillion years|
|Hotmail%23464321 BYZ||3 Sextillion Years|
|Choice Berry Worthless Kaboom||300 Decillion Years²|
(about 1/2 second)
|my dog butch||54 years|
The lesson is hidden in the patterns. Random collections of numbers, letters (upper and lower case), and special characters are good. A lot better than dictionary words. Adding spaces is better. But using a sequence of four random words separated by spaces is still best of all, and are often easier to remember (see this XKCD comic for reference).
Regardless of what system you use, our online existence requires an increased use of passwords. Some people have hundreds that they use, and of course it’s always recommended to use a different password for each account – because if you don’t and a bad guy gets one, he can get into everything that you have used that password for. As a result, some sort of a password vault or storage system is a good idea. Keeping your passwords in an encrypted file works, but you have to remember one master password to get into it, and you need to make sure that one master password is a strong one. Other solutions are available online – you can check them out and decide which one best meets your needs.
But remember that the takeaway here is “frustrate the bad guys: always use strong passwords.”
The Old Wolf has spoken.
¹ I have no idea what the computing power of that hypothetical device is – whether it’s an 80168, or a core i7, or some insanely fast GPU, or the Summit supercomputer delivering 148.6 petaflops. So the numbers given need to simply be looked at in terms of relativity. A password that will be cracked in 3 microseconds is going to be far weaker than one that takes a trillion years.
² 300,000,000,000,000,000,000,000,000,000,000,000 years, in case you were wondering.