Think you have a strong password?

[z3r010]

A team of hackers has managed to crack more than 14,800 supposedly random passwords - from a list of 16,449 - as part of a hacking experiment for a technology website.

The success rate for each hacker ranged from 62% to 90%, and the hacker who cracked 90% of hashed passwords did so in less than an hour using a computer cluster.

The hackers also managed to crack 16-character passwords including 'qeadzcwrsfxv1331'.

Read more: Think you have a strong password? Hackers crack 16-character passwords in less than an hour | Mail Online
Follow us: @MailOnline on Twitter | DailyMail on Facebook
​

Think you have a strong password? Hackers crack 16-character passwords in less than an hour | Mail Online

 

[Layback Bear]

The next question is; what do we use for password now?

 

[z3r010]

Huge long phases or song lyrics........ChickityChinatheChinesechickenYouhaveadrumstickandyourbrainstopstickin

 

[boohbah]

what song is that from then?

 

[Jacee]

Phrases are great to use ..... as long as you remember them, and they're not popular

 

[Kari]

I use addresses of friends and family, complete with zip code and city. An example: let's say my cousin's name is Peter and he lives in 122 Thisandthatstreet FI-16520 Tampere (zip and name of a city in Finland), and I would be using him (his address) as password to Outlook.com. The password would be 122ThisandthatstreetFI-16520Tampere.

On my mobile I have an encrypted list of passwords where this would be told as "Outlook.com - Peter".

This is of course not an unbreakable system but it works for me, making it quite easy to create and manage multiple long passwords.

 

[Dwarf]

Whilst it is generally held that longer passwords are usually more secure than shorter ones, that is not necessarily the case. It all depends on the characters used when creating said password. Unfortunately, some websites are very insecure because they only allow alpha-numeric (and in some case only alphabetical characters (and, even more disturbingly, only lower or upper case and not both)) for their passwords.

A typical password that many people still use, despite repeated advice to use something far stronger, is password, and we can see from this that each letter is a lower case alphabetical character. That means that each letter can only be 1 of 26 different possibilities, and thus is easy to crack. Utilising both upper and lower case characters increases the security (although it is still weak) because each character can now be 1 of 52 (2*26) different possibilities, plus there is an extra factor of not knowing where upper and lower case characters appear in the password. To increase this still further, numerical characters (0-9) can be brought in, thus each character can be 1 of 62 different possibilities (2*26+10). In addition, adding special characters (such as $, %, &, etc.) can increase the security even further. In both of these latter 2 cases, again there is the additional factor of not knowing in which position a particular character type lies.

Thus we can have password (weak), passWorD (stronger, but still relatively weak), PasSw0rd (getting better), and finally, the strongest of them all, p4$sWoRd, which employs all 4 character classes. Note that these are still weak, but they just serve to illustrate the example.

For a relatively secure password (and we need to remember that it is something that we need to be able to recall, as a forgotten password is like a lock that you have lost the key for), I recommend a minimum length of 12 characters, with at least 1 character from each of the 4 character classes.

As John mentioned above, pass-phrases are also a good idea, and the security of these can also be enhanced by the same methods I described above.

 

[nommy the first]

Most of my passwords consist of a random combination of two French and one Dutch word, normal and capital letters throughout, and a few numbers in the middle..
Backups only written on paper stuffed somewhere in a drawer in my bedroom.

All those years I thought I'd be safe from dem nasty hackers, while they'd probably crack my passes in a few hours:shock:


Nommy

 

[Dwarf]

The language(s) used when creating a password is/are of no consequence to its security, only the class of characters employed. Of course, it might make a great difference to you when it comes to remembering them though, especially when you choose a word (or words) from a language that is not your mother tongue.

To further illustrate what I was talking about in my previous post, I have submitted the 4 examples used to https://www.grc.com/haystack.htm, and here are the results:

 

[Solarstarshines]

Huge long phases or song lyrics........ChickityChinatheChinesechickenYouhaveadrumstickandyourbrainstopstickin

at first I was thinking ChittyChittyBangBang but someone would figure it out

 

[nommy the first]

The language(s) used when creating a password is/are of no consequence to its security, only the class of characters employed.

I am aware of that, but I chose for French because it uses a lot of words with characters like ç and à, which I use freely in my paswords (for example the word garçons, or more likely in my password, gArç0n$).


Nommy

 

[Dwarf]

Even though you are using words containing accents (and assuming that you use at least one character from each class), you still only have the same search space depth of 95 characters because accented characters are included in the special character class. Thus both gArç0n$ and gAr$0n$ will rate as being equally strong (or weak, depending on which way you look at it) on https://www.grc.com/haystack.htm

 

[nommy the first]

Even though you are using words containing accents (and assuming that you use at least one character from each class), you still only have the same search space depth of 95 characters because accented characters are included in the special character class. Thus both gArç0n$ and gAr$0n$ will rate as being equally strong (or weak, depending on which way you look at it) on https://www.grc.com/haystack.htm

Following that link, and using one of my older passwords which I don't use anymore, I think I'm good


Nommy

 

[Kari]

Even though you are using words containing accents (and assuming that you use at least one character from each class), you still only have the same search space depth of 95 characters because accented characters are included in the special character class. Thus both gArç0n$ and gAr$0n$ will rate as being equally strong (or weak, depending on which way you look at it) on https://www.grc.com/haystack.htm

Just testing one of my address passwords, looks not too bad:

​

 

[Solarstarshines]

lol I put one of my many passwords in I got this I doubt anyone could live long enough to crack it

I think im good

 

[lehnerus2000]

xkcd

Passwords are like DRM schemes, they only inconvenience legitimate users (pirates and hackers are basically unaffected).

Here's an old "xkcd" comic about passwords:
xkcd: Password Strength

 

[SIW2]

杂碎是伟大的金曜日の朝

 

[McRuff]

lol I put one of my many passwords in I got this I doubt anyone could live long enough to crack it

I think im good

Here is the result of my pass-phrase that I use on an encrypted container to transporting documents.

Joseph Heller - "Just because you're paranoid doesn't mean they aren't after you"

 

[Wenda]

I use the make, model and engine number of a motorcycle I once owned (pic a). The router
password is the gearbox model and number (pic b).

A dedicated attack would crack them, but they're not something anyone would guess easily, if at all.

I tried them in Haystack, this is the result... Think I might need better ones, although the second result (gearbox no.) isn't too bad.


Wenda.

 

[Wenda]

OK, I tried this one for a lark more than anything, expecting it to rate fairly
low, as it's such a well-known expression.

Boy, was I surprised!!


Wenda.