How secure is your password?

Most of us tend to choose a password that is easy to remember. In all likelihood it is all lowercase, and it is either someone’s name, a word that you can find in the dictionary, or in some cases just numbers, which are the worst kind. If this is the case, you may as well not have a password at all, since an average computer can crack it within seconds, if not instantly. For example, a password such as sunshine (which is commonly used by many) can be cracked instantly, because it is a word that is found in the dictionary.

Here is an explanation of how to turn a common password into one that is impossible to crack, and the important criteria to consider:

1. Length of password
2. Combination of lower and uppercase characters, numbers and special characters like !@#$%^&*/

If you choose sunshin (that is, without the “e”), it will take about 2 seconds to crack, which is longer than the instant crack of the full word. If you replace the last “e” with a number like 3 (i.e. sunshin3), it will take an average computer 11 minutes to crack it. But this is only with lowercase letters and numbers. Replacing one lowercase letter with an uppercase one will vastly increase its security. A password like Sunshin3 will bump its cracking time from 11 minutes to 15 hours, and that is with just one uppercase letter. What if you were to keep it at the same length, but simply replace a character with a special character, like Sun$hin3? Well, this will now take 3 days for a computer to crack. The only thing that can help you from this point on is increasing the length. With the addition of each character you increase the security of the password exponentially. If you have a password such as Sun$hin3forever, which is now 15 characters long, it will take approximately 157 billion years for a desktop computer to crack it. My guess is that anyone who wants your password really badly is not going to tie up the computer for that long and will give up after the first billion years.
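The arithmetic behind these figures, as an added example that is not part of the original article: the search space is the alphabet size raised to the password length, divided by a guessing rate. The rate of 4 billion guesses per second, the 15-character symbol set and the tiny word list are assumptions of this example, chosen so the output lands close to the times quoted above.

```python
import string

# Assumptions of this example (not stated in the article):
GUESSES_PER_SECOND = 4e9   # offline guessing rate of one desktop computer
SYMBOL_COUNT = 15          # how many special characters the attacker tries
# Constructed stand-in for a real dictionary or leaked-password wordlist.
COMMON_WORDS = {"sunshine", "password", "letmein", "123456"}

UNITS = [("years", 31_557_600), ("days", 86_400), ("hours", 3_600),
         ("minutes", 60), ("seconds", 1)]


def charset_size(password):
    """Alphabet size an attacker must cover, from the character classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += SYMBOL_COUNT
    return size


def brute_force_seconds(password):
    """Seconds to try every candidate of this length over this alphabet."""
    if password.lower() in COMMON_WORDS:
        return 0.0  # a wordlist lookup finds it before brute force begins
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND


def humanize(seconds):
    """Render a duration in the largest unit that gives a value >= 1."""
    for name, length in UNITS:
        if seconds >= length:
            return f"{seconds / length:,.1f} {name}"
    return "instantly"


if __name__ == "__main__":
    for pw in ["sunshine", "sunshin", "sunshin3", "Sunshin3",
               "Sun$hin3", "Sun$hin3forever"]:
        print(f"{pw:16} alphabet={charset_size(pw):2} "
              f"{humanize(brute_force_seconds(pw))}")
```

This estimate treats every character as if it were chosen at random, so it is an upper bound: a password built from a dictionary word with predictable substitutions sits in a much smaller search space than the formula suggests.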

Remember that there are supercomputers that can process a quadrillion floating point operations per second (petaFLOPS), which is much, much, much faster than a desktop computer. Every password can be cracked; the point is to make it as difficult as possible for the hackers to do so. On average, if a hacker cannot crack a password in a timely manner (depending on how badly they want it), they will simply move on to the next target.

I just realized that I shared my password with the whole world in this article. Not to worry, I will change it tomorrow.

Please tune in for my next article where I will discuss more about passwords and the perils of using the same one for multiple sites, and how to protect your passwords within a vault.
