How Secure Is Your Password?
Create a strong password that you can remember.
How to come up with a password
- Substitute numbers or symbols for letters or words: For example: I becomes 1 or !, e becomes 5, b becomes 8, the letter o becomes the number 0 (zero), s becomes $, for becomes 4, at becomes @, to becomes 2
- Combine 3 unrelated words and some substitution: For example, use Mail + Phones + Home and then substitute some letters = m@!lPh0n3$H0m5. It would take a desktop PC about 2 billion years to crack that password.
- Abbreviate a phrase or sentence: For example : “I enjoyed skiing at Mammoth Mountain in 2012″ = IesaMMi2012. It would take a desktop PC about 412 years to crack that password. If you substitute some letters = !5s@MM12012 it would then take a desktop PC about 4 thousand years to crack that password.
- Use a Music lyric: For example: “In the town where I was born,Lived a man who sailed to sea” = Ittw1wbLamws2s. It would take a desktop PC about 98 million years to crack that password
Check the strength of your password.
I highly recommend using howsecureismypassword.net to check how long it would take for someone who got access to your computer to crack your password. As you type in the password the site background goes from red to green and tells you how long it would take a desktop PC to break it.
I recommend – and so does the site – that you don’t use your actual password to do the check, but to modify it. If your password in Dogcat4 put in Topsit7. Both passwords have the same combination of Uppercase, lowercase letters and numbers. BTW, it would take a desktop PC about 14 minutes to crack that password. Not very strong.
Don’t over do it
Since you have to type your password in on regular basis balance complexity with usability. My current password would take a desktop PC about 109 thousand years to crack. I think that is good enough.
Hi Mike,
I worry much more about someone stealing it from the company or even monitoring the data as I type it in. What is your opinion?
Venc
Unfortunately, the risk of a company compromising your password is real. That is why I change mine frequently for sites I care about and don’t reuse passwords at different sites. It is a pain, but the time is worth it.
As far as a person monitoring the data as I type it in, once I see that I’ve got an https connection I don’t worry about it as someone would have to have a sniffer in the right place and at right time and have significant compute power to crack the encryption.
Pingback:How Secure Is Your Password? | Michael William Hughes | LifeAbility