Passwords made simple – and hard

We all know that we need to keep our data safe from people who have no business having it. Usually that protection comes down to a single string of letters and numbers that we type daily and should change often to keep the bad people out.

It has to be easy for us to remember but hard to guess, and slow to crack with a computer. This is where Steve Gibson comes in: he runs Gibson Research Corporation (www.grc.com) and is something of a guru of online security and cryptography (secret codes and the like). Recently he had one of those “Aha” moments about passwords: they can be complex and easy to remember at the same time.

Take a password we should never use, like “god”. Yes, it is easy to remember, but it breaks every rule for safe passwords: it is short, it is a dictionary word, and it has no capital letters, no numbers and no symbols. To compare passwords, Steve has built a calculator (the GRC Password Haystacks page) that estimates how long it would take a computer to find a password once every dictionary word has already been tried and failed. It works by counting every possible string up to the password’s length drawn from the character classes the password uses (lowercase, uppercase, digits, symbols), then dividing by an assumed guessing rate.

For “god” that count is only 18,278 (every lowercase string of three characters or fewer), so even a slow online attack at 1,000 guesses per second would get through it in under 19 seconds, without needing a dictionary at all!

Starting from the same word we can make it harder to crack with a few simple changes: god becomes G0d (that is capital G, the number zero and lowercase d). Mixing upper case, lower case and a digit grows the alphabet from 26 to 62 characters, so the same online attack is now estimated to take just over 4 minutes. Two simple changes have multiplied the work by more than ten, but the password is still too short: four minutes at 1,000 guesses per second is nowhere near safe.

Let’s now go to the next level (this is the other half of Steve’s aha moment). It works with all our existing passwords, so there are no big changes to mess with your memory. Throwing in a symbol takes G0d to G0d! and the estimate to around 23 hours, but the real gain comes from making the password massive, which is as easy as padding it out with extra characters. They can all be the same character, though more variety is better, so G0d! can become @@@@@G0d!@@@@@. When it comes to passwords, size does matter: we are now crafting familiar passwords that are long, and the calculator estimates that an online attack would take 1.57 TRILLION CENTURIES to exhaust that space. One caveat: that figure assumes an attacker who knows nothing about how the password was built and has to try every combination. An attacker who guesses that a short word has been dressed up and wrapped in a repeated symbol can try that pattern directly, so make up your own padding rather than copying this one, and vary it.
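To make the arithmetic behind those figures concrete, here is an added worked example in Python. It is not code from the original post or from GRC; it reimplements the haystack model as the calculator describes it (an alphabet of 26 + 26 + 10 + 33 = 95 characters, every string up to the password’s length counted, 1,000 guesses per second for an online attack) and then runs the check the calculator does not make: a small rule-based guesser that tries dictionary words with leet substitutions, a suffix and symmetric symbol padding. The word list, leet table and padding rules are constructed for the demo and are assumptions, not any real cracking tool’s rule set.

```python
"""Haystack-style search-space estimate plus a pattern-aware counter-check.

Added illustration, not GRC's code. Alphabet sizes and guess rates follow
the calculator's published model; the word list, leet table and padding
rules are constructed for this demo (assumptions, not a real rule set).
"""
import string
from typing import Iterable, Iterator, List, Optional

# Character classes as the haystack calculator counts them: 26 + 26 + 10 + 33 = 95
CLASSES = (
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
)

# Assumed guess rates (per second) for the calculator's three scenarios
ONLINE = 1_000
OFFLINE = 100_000_000_000
MASSIVE = 100_000_000_000_000

SECONDS_PER_CENTURY = 100 * 365.25 * 86_400


def alphabet_size(password: str) -> int:
    """Alphabet implied by the character classes the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(password: str) -> int:
    """Count of every string of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_search(password: str, rate: int = ONLINE) -> float:
    """Worst case for an attacker who enumerates the whole haystack."""
    return search_space(password) / rate


def centuries(seconds: float) -> float:
    return seconds / SECONDS_PER_CENTURY


# --- the check the calculator does not make: a pattern-aware attacker ---

LEET = {"o": "0", "a": "@", "e": "3", "i": "1", "s": "$"}   # constructed table


def mangle(word: str) -> List[str]:
    """Case and leet variants of one dictionary word (a tiny rule set)."""
    variants = {word, word.capitalize(), word.upper()}
    for base in list(variants):
        everything = base
        for src, dst in LEET.items():
            variants.add(base.replace(src, dst))    # one substitution at a time
            everything = everything.replace(src, dst)
        variants.add(everything)                    # all substitutions at once
    return sorted(variants)


def padded_candidates(words: Iterable[str], pad_chars: str = "!@#$",
                      max_pad: int = 8,
                      suffixes=("", "!", "1", "!!", "123")) -> Iterator[str]:
    """Word + suffix wrapped in symmetric runs of a single padding character."""
    for word in words:
        for core in mangle(word):
            for suffix in suffixes:
                for pad in pad_chars:
                    for n in range(max_pad + 1):
                        yield f"{pad * n}{core}{suffix}{pad * n}"


def guesses_until_found(target: str, candidates: Iterable[str]) -> Optional[int]:
    """1-based position of target in the candidate stream, or None if absent."""
    for i, cand in enumerate(candidates, start=1):
        if cand == target:
            return i
    return None


WORDLIST = ["password", "letmein", "god"]   # constructed, not a real list


if __name__ == "__main__":
    for pw in ("god", "G0d", "G0d!", "@@@@@G0d!@@@@@"):
        secs = seconds_to_search(pw)
        print(f"{pw:16} haystack={search_space(pw):.3g} "
              f"online={secs:.3g}s = {centuries(secs):.3g} centuries")
    target = "@@@@@G0d!@@@@@"
    n = guesses_until_found(target, padded_candidates(WORDLIST))
    print(f"pattern-aware guesser reaches {target!r} on guess {n} "
          f"({n / ONLINE:.1f}s at online speed)")
```

Running it reproduces the under-19-second, 4-minute and 23-hour figures and the trillions-of-centuries estimate for the padded password. The second half shows the caveat: the haystack number is the cost for an attacker who enumerates everything, whereas one who guesses that a short word was dressed up and wrapped in one repeated symbol reaches @@@@@G0d!@@@@@ within a few thousand guesses of this toy rule set, which is seconds even at online speed. Padding still helps, but only the part of it the attacker cannot predict.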

This is certainly one of those paperclip moments where the simplest idea has a big impact. I urge everyone to consider switching to this simple and effective password scheme and to spend a little time securing your information.

Give the GRC Password Haystacks page a go and work out some solid passwords, and share this page too so the people you know (who might hold information about you) can secure their systems.

Ben
