How strong is my password?

As processors like CPUs and GPUs become faster, they get used not only for byzantine calculations like orbital mechanics, finding the largest prime number ever, bitcoin mining, economic theory, and figuring out how many angels can dance on the head of a pin; more hackers will also use them to try to crack your password.

I’ve written about strong passwords before, but it becomes more and more important almost with each passing month to make sure that your personal data – financial records, credit card numbers, birth date, Medicare numbers, bank accounts, and the like – stay safe. Because the bad guys want them. And there are more bad guys than ever. And they are worse than ever. Since August 26, 2020 there have been four separate attempts to access my Microsoft account from Turkey, Belarus, Thailand, and an unknown location – fortunately all unsuccessful because my password is relatively strong.

I just did another comparison for the sake of not being able to sleep at 2AM, and because that’s the rabbit hole my mind decided to go down. There is a website named, just like the title of this post, “How Secure is my Password?” and using it will tell you how easy it is for a computer¹ to crack your password by brute force (that is, just trying every possible random combination of numbers and letters and such).

Some examples:

Password                         Time required to crack
mW_37UmK4B),b(L}                 41 trillion years
Hotmail%23464321 BYZ             3 Sextillion Years
Choice Berry Worthless Kaboom    300 Decillion Years²
password                         instantly
George                           400 milliseconds (about 1/2 second)
my dog butch                     54 years

The lesson is hidden in the patterns. Random collections of numbers, letters (upper and lower case), and special characters are good. A lot better than dictionary words. Adding spaces is better. But using a sequence of four random words separated by spaces is still best of all, and is often easier to remember (see this XKCD comic for reference).

Regardless of what system you use, our online existence requires an increased use of passwords. Some people have hundreds that they use, and of course it’s always recommended to use a different password for each account – because if you don’t and a bad guy gets one, he can get into everything that you have used that password for. As a result, some sort of a password vault or storage system is a good idea. Keeping your passwords in an encrypted file works, but you have to remember one master password to get into it, and you need to make sure that one master password is a strong one. Other solutions are available online – you can check them out and decide which one best meets your needs.

But remember that the takeaway here is “frustrate the bad guys: always use strong passwords.”

The Old Wolf has spoken.


Footnotes:
¹ I have no idea what the computing power of that hypothetical device is – whether it’s an 80168, or a core i7, or some insanely fast GPU, or the Summit supercomputer delivering 148.6 petaflops. So the numbers given need to simply be looked at in terms of relativity. A password that will be cracked in 3 microseconds is going to be far weaker than one that takes a trillion years.

² 300,000,000,000,000,000,000,000,000,000,000,000 years, in case you were wondering.

Hackers around the world

Holy Mother of Mogg!

I don’t use my Hotmail account very often, but I keep it around for a few odd reasons. I just saw a post at reddit and thought I’d better check my own account.

Hackers

And that’s only the last few days!

Folks wonder why their email accounts get hacked; with this kind of assault, if you don’t have a strong password, it’s very likely your email account will be taken over by some random hqiz-eater and used for sending out spam or malware.

Takeaway: Use Strong Passwords! In some ways it may be like keeping honest people honest, but for the average user, it’s usually the best form of prevention. As for the bottom-feeding scumbags, by the sacred skull of Mogg’s grandfather, may the universe reward them according to their works.

The Old Wolf has spoken.

Use Strong Passwords!

The incidence of email hijacking is on the rise – spammers have discovered that many email accounts are child’s play to get into. Once done, the victim’s entire address book is scarfed up and used to send out spam, phishing solicitations or malware.

First of all, I hope these wastes of human cytoplasm find themselves buried beneath 7 kilometers of burning camel ejecta in Bolgia 11 of the Eighth Circle of Hell (also called Malebolge, reserved for those who perpetrate fraud.) Students of Dante will remind me that there are only 10 Bolgias. I just created a new one for cybercriminals, so there.

Now that I have that off my chest…

Use strong passwords!

Eset.com published a list of the 25 most common passwords, which I reproduce below:

  1. password
  2. 123456
  3. 12345678
  4. 1234
  5. qwerty
  6. 12345
  7. dragon
  8. pussy
  9. baseball
  10. football
  11. letmein
  12. monkey
  13. 696969
  14. abc123
  15. mustang
  16. michael
  17. shadow
  18. master
  19. jennifer
  20. 111111
  21. 2000
  22. jordan
  23. superman
  24. harley
  25. 1234567

I won’t go into a Freudian analysis of this list, although that topic would be rife with opportunities for sarcasm; however, each of these passwords would be cracked instantly by the average scammer.

Simply adding a few numbers or special characters changes the landscape radically; below is a table of variations on “password”, along with the time required for the average desktop PC to crack it¹:

password                 instantly
password1234             37 years
Password1234             25,000 years
password 1234            333,000 years
Password!1234            26 million years
Password 1234            51 million years
P@ssword 1234            465 million years
This Password Is Mine    5 sextillion years

So here are some simple rules about creating passwords that you can use to keep your private accounts safe from hackers:

  • Never use a dictionary word
  • Capital letters are good
  • Special characters are good².
  • Combinations of capital letters are even better
  • Adding spaces is best of all (see footnote). A sequence of random words, such as “wolf aardvark tapioca wellsfargo” would take 633 decillion years to crack (that’s 633,000,000,000,000,000,000,000,000,000,000,000.)

So use some common sense with passwords. Try the most secure option within the limitations of whatever website or application you are using, and you’ll most likely be safe from even the most determined of hackers.
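
Estimates like those in the tables above can be modelled as an exhaustive search: alphabet size raised to the password length, divided by a guess rate. The Python sketch below is an added example, not code from the site or from this post; the guess rate of 4 billion per second, the 33-symbol class and the 7,776-word list are assumptions chosen for illustration.

```python
import string

# Assumptions for illustration (not figures from the page or the site):
GUESSES_PER_SECOND = 4e9            # offline attacker speed
SYMBOLS = 33                        # 32 ASCII punctuation marks plus space
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# A few entries from the most-common-passwords list reproduced on this page.
COMMON = {"password", "123456", "qwerty", "dragon", "letmein", "abc123"}


def charset_size(pw):
    """Alphabet an exhaustive search must cover, judged by character classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += SYMBOLS
    return size


def brute_force_years(pw, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every string of this length over that alphabet."""
    if pw.lower() in COMMON:
        return 0.0  # wordlists are tried first, so length and classes do not matter
    return charset_size(pw) ** len(pw) / rate / SECONDS_PER_YEAR


def passphrase_years(n_words, wordlist_size, rate=GUESSES_PER_SECOND):
    """Worst-case years when whole words from a known list are guessed instead."""
    return wordlist_size ** n_words / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("password", "password1234", "Password1234", "my dog butch"):
        print(f"{pw!r:16} {brute_force_years(pw):,.2f} years by character")
    # Passphrase from the page; the 7,776-word source list is an assumption.
    phrase = "wolf aardvark tapioca wellsfargo"
    print(f"{phrase!r} {brute_force_years(phrase):.3g} years by character")
    print(f"same phrase, guessed by word: {passphrase_years(4, 7776) * 365.25:.1f} days")
```

Under these assumptions "password1234" comes out at about 37 years, while four words drawn from a 7,776-word list last about 10 days against an attacker who guesses by word rather than by character. A passphrase's strength therefore comes from the size of the word list and the number of randomly chosen words, not from its character count.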

The Old Wolf has spoken.

Edit: Related article – 10,000 Top Passwords


¹ These figures are calculated over at “How Secure is my Password”. Check it out – it will tell you instantly how strong your password is.
² If allowed – some system administrators – even financial institutions, if you can believe it – only allow letters and numbers, which insanity irritates me beyond measure.