How Big Is Your Password Haystack?

Have a look at this very simple concept of "password padding", which dramatically increases the strength of a chosen password while keeping it easy to remember.

- By increasing the size of the haystack, it becomes much more difficult to find the needle within it.

Steve Gibson is the man who discovered and coined the term "Spyware" back in the day, and on his website he explains why a long password is probably better than a complex one.

As a basic example he suggests that the first password in the list below will probably be harder to crack than the second one (and is much easier to remember):

1. D0g.....................
2. PrXyc.N(n4k77#L!eVdAfp9

He explains the concept of "padding" your password with special characters to make it much more difficult to crack, simply because you are increasing the length of the password.

- The choice of padding is up to you, but the idea is to add extra characters before and after a main password.
- This way the password is EASY TO REMEMBER, complex, not in a dictionary, and long.

Example Password | Brute Force Crack (hundred billion guesses per second)
--- | ---
password | 2.17 seconds
([---password---]) | 2.43 hundred billion centuries


Example of turning a simple password into a much stronger one, one step at a time:


Example Password | Brute Force Crack (hundred billion guesses per second) | Notes
--- | --- | ---
password | 2.17 seconds | In the English dictionary (and one of the most common passwords used); a very bad start.
pa55word | 29.02 seconds | Add numbers; the more the better.
Pa55woRd | 36.99 minutes | Ensure uppercase and lowercase; the more the better.
Pa55w@Rd | 18.62 hours | Add symbols; the more the better.
((---Pa55w@Rd---)) | 1.28 thousand trillion centuries | Add the padding characters; the more the better.
((-----Pa55w@Rd-----)) | 1.04 hundred billion trillion centuries | Increase the length of the padding.


Example Password | Brute Force Crack (hundred billion guesses per second)
--- | ---
thisisalongpassword | 2.53 million centuries
ThisIsALongPassword | 1.30 trillion centuries
This.Is.A.Long.Password | 7.66 hundred billion trillion centuries


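The arithmetic behind all three tables, as an added example (not code from the original post or from GRC's site). It assumes GRC's published model: an alphabet made up of the character classes present (26 lower, 26 upper, 10 digits, 33 symbols), an exhaustive search over every length from 1 to the password's length, and the hundred-billion-guesses-per-second rate quoted in the table headers; the 365.25-day year is my assumption.

```python
"""Haystack arithmetic behind the crack-time tables above (added example, not the
post's or GRC's own code). Assumes GRC's published model: alphabet = sum of the
character classes present (26 lower, 26 upper, 10 digits, 33 symbols), every
length from 1 to the password's length is searched, at 1e11 guesses/second."""
import string

GUESSES_PER_SECOND = 100_000_000_000             # "hundred billion guesses per second"
SECONDS_PER_CENTURY = 100 * 365.25 * 86400        # assumption: 365.25-day year
SYMBOLS = frozenset(string.punctuation) | {" "}   # 32 punctuation marks + space = 33
CLASSES = ((frozenset(string.ascii_lowercase), 26), (frozenset(string.ascii_uppercase), 26),
           (frozenset(string.digits), 10), (SYMBOLS, 33))
UNITS = (("seconds", 1), ("minutes", 60), ("hours", 3600), ("days", 86400),
         ("years", 365.25 * 86400), ("centuries", SECONDS_PER_CENTURY))


def alphabet_size(password: str) -> int:
    """Alphabet the attacker must cover: one full class per kind of character present."""
    chars = set(password)
    return sum(size for members, size in CLASSES if chars & members)


def search_space(password: str) -> int:
    """Candidates an exhaustive search must try: every string of length 1..n over an
    alphabet of size a, i.e. a + a**2 + ... + a**n (this is the 'haystack')."""
    a, n = alphabet_size(password), len(password)
    return sum(a ** i for i in range(1, n + 1))


def crack_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the whole space at the given guess rate."""
    return search_space(password) / rate


def human_time(seconds: float) -> str:
    """Render a duration in the largest unit that fits, as the tables do."""
    label, divisor = UNITS[0]
    for name, div in UNITS:
        if seconds >= div:
            label, divisor = name, div
    value = seconds / divisor
    return f"{value:.2f} {label}" if value < 1e6 else f"{value:.3g} {label}"


if __name__ == "__main__":
    # The post's first claim: "D0g" padded to 24 characters beats a 23-character random string.
    padded, random_looking = "D0g" + "." * 21, "PrXyc.N(n4k77#L!eVdAfp9"
    assert search_space(padded) > search_space(random_looking)
    for pw in ("password", "pa55word", "Pa55woRd", "Pa55w@Rd", "((---Pa55w@Rd---))",
               "thisisalongpassword", "This.Is.A.Long.Password"):
        print(f"{pw:28} alphabet={alphabet_size(pw):3}  {human_time(crack_seconds(pw))}")
```

The model measures only exhaustive search of the space, so it rates "password" the same as a random 8-character lowercase string and gives no discount for a padding pattern once it is widely known; the times are upper bounds on brute force, not estimates of resistance to dictionary or rule-based guessing.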
Stats:

- 46% of passwords are all lowercase (alpha).
- GRC's haystack calculator: http://www.grc.com/haystack.htm
- Top 10 Most Common Passwords: http://modernl.com/article/top-10-most-common-passwords
- Using a $100 graphics card and a freeware utility, passwords can be cracked at a rate of 3.3 billion guesses per second: http://www.extremetech.com/article2/0,2845,2386439,00.asp
- Password generation and storage software (I use both of these):
  - www.lastpass.com
  - www.keepass.info