Many sites you frequently visit these days require a password in order to enter. That’s because there is usually some form of confidential information stored behind these password-protected pages.
But passwords can be cracked, so if you want to KEEP that information confidential, you’d better use a good and strong password.
And that certainly applies to your most important online accounts like bank or other money accounts. To a certain extent, I can understand (not agree!) why people want to have access to your PayPal or bank account, since there’s money to get. Greed and an easy way to make money are their motives.
But otherwise, I have NO idea why people would like to crack passwords for things like blogs and web2.0 sites, other than the morbid delight of destruction.
But it happens!
I had it happen to this very blog last month. Using brute force (see below).
So the lesson here is to defend your cPanel, blog, bank and all other accounts with strong passwords that are hard to crack.
Now, I’m NOT a security specialist. All I can do is try to explain this matter in my own layman’s words and that’s what I do below.
Suppose I used a ONE character password to protect my site and that one character could only consist of the letters a to z. That would give me 26 possibilities to create my password.
If someone wanted to crack that password, all this person would have to do is enter each letter on my login page and hit submit. Including the response time this requires, this can be done at a pace of 3 times per minute. On average it requires 13 tries to find the password, so that takes less than 5 minutes.
Now suppose I add another character to my password. Then the total number of possible combinations would increase drastically, since for every character in the first position, there are 26 possibilities in the second one. Total number of combinations: 26 x 26 = 676. The average time required to find my password would become 338 / 3 = 112 minutes.
When we also allow numbers in our password, the possibilities per character would be 36 and the total number of possible combinations when using 2 characters would be 36 x 36 = 1,296. Average time to find my password: 648 / 3 = 216 minutes.
Finally, when we also allow all letters to be in capitals, that adds another 26 options per character. So now the total number of possible combinations for a 2 character password becomes 62 x 62 = 3,844. Average time to find my password: 640 minutes!
If we allow more characters in the password, the figures become:
|# Chars.||Possible Combinations||Average # minutes needed to crack password|
See how the column at the right increases drastically?
THAT’S all you have to remember from this exercise.
Of course anyone doing this by hand would be a fool, because we have computers to do things like this. And hackers and crackers use computer programs to do this. Their software starts at the leftmost character with ‘a’ and works its way to the rightmost character, scanning all possible combinations.
That is called ‘brute force’.
But for computers the same effect applies. The more options per character and the more characters used, the more difficult it becomes to find the right password combination.
Therefore, it’s wise to use at least 8 characters in your password, using a combination of uppercase and lowercase letters and numbers.
So the name of your little sister simply won’t do! Nor will the name of anyone else. You also need to include numbers and, if allowed, special characters.
If you use names, then at least don’t use names that are easy to guess. Use at least one capital and also add a number. A great way to combine everything is to replace an ‘a’ by 1 and a 1 by ‘a’. That makes names more difficult to find.
IF it’s allowed, you can also add special characters to your passwords, or even add a space, so you can make your password a phrase. Which, in general, is easier to remember.
But the fewer characters allowed, the longer your password should be!
If you’re really good at math, you can see from the table above that a 15 character password only containing letters is stronger than an 8 character password containing all possible characters on your keyboard, simply because the total number of possible combinations is the number of options per character raised to the power of the number of characters in your password.
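The arithmetic above, worked through as an added example (not part of the original post): it reproduces the combination counts and average times at the post's pace of 3 guesses per minute, and checks the claim that a long letters-only password beats a short one drawn from the whole keyboard. The figure of 95 keyboard characters (printable ASCII including the space) and all function names are assumptions made for this example.

```python
import math

# Character-set sizes. The first three are the post's own figures; 95
# (printable ASCII including space) is an assumption standing in for
# "all possible characters on your keyboard".
CHARSETS = {"lower": 26, "lower+digits": 36, "letters+digits": 62, "keyboard": 95}
GUESSES_PER_MINUTE = 3  # the post's manual login-page pace


def keyspace(charset_size: int, length: int) -> int:
    """Number of possible passwords of exactly `length` characters."""
    return charset_size ** length


def average_minutes(charset_size, length, rate=GUESSES_PER_MINUTE):
    """Expected minutes to hit the password: half the keyspace on average."""
    return keyspace(charset_size, length) / 2 / rate


def entropy_bits(charset_size, length):
    """Keyspace on a log2 scale, valid only for randomly chosen characters."""
    return length * math.log2(charset_size)


def min_length_to_match(small_charset, big_charset, big_length):
    """Shortest length over `small_charset` whose keyspace is at least that
    of a `big_length`-character password over `big_charset`."""
    target = keyspace(big_charset, big_length)
    length = 1
    while keyspace(small_charset, length) < target:
        length += 1
    return length


if __name__ == "__main__":
    print(f"{'chars':>5} {'charset':>15} {'combinations':>22} {'avg minutes':>14} {'bits':>6}")
    for length in (1, 2, 4, 8, 15):
        for name, size in CHARSETS.items():
            print(f"{length:>5} {name:>15} {keyspace(size, length):>22,} "
                  f"{average_minutes(size, length):>14.3g} {entropy_bits(size, length):>6.1f}")
    # Letters-only length needed to match 8 characters drawn from the keyboard set
    print(min_length_to_match(26, 95, 8))
```

These figures are upper bounds that assume every character is chosen at random; a name or dictionary word sits in a far smaller search space than its length suggests.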
It’s also very wise to periodically change your password using the information above. Doing so avoids all possible hacks or cracks of your passwords since anyone on their way to compromise your passwords would have to start all over again.