How long do you think it would take to crack a password like barb49?
Offline Fast Attack Scenario: (Assuming one hundred billion guesses per second) 0.000622 seconds
Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 0.000000622 seconds
Now let’s change that barb49 password to a strong password: a 15-character password generated by LastPass’s Password Generator. The generated password is gln5adHH^v4A8md. Now how long would it take to crack that password?
Offline Fast Attack Scenario: (Assuming one hundred billion guesses per second) 1.49 billion centuries
Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 1.49 million centuries
Do you see the difference? If someone wants to crack passwords and has the right software, they really can make a hundred billion guesses per second.
You don’t have to use unpronounceable gibberish passwords, but if you’re using a password manager with a password generator, you don’t have to remember them anyway; that’s what the password manager is for. You can, if you wish, generate random 12-letter pronounceable passwords that are fairly strong, but they can be cracked if the attacker is determined. Take the password indamutcag, for example: it can be cracked in about 24 minutes using the Offline Fast Attack Scenario, and in less than 3 minutes using a Massive Cracking Array Scenario.
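As an added illustration (not code from this article or from the site it cites), the Python below estimates exhaustive-search time for the two generated passwords above at the two guess rates quoted. The model is an assumption: the attacker tries every password up to the target's length, drawn from the printable ASCII character classes the password uses; its results land close to the figures given above.

```python
import string

# Assumed model (not taken from the page or the site it cites): the attacker
# tries every password of length 1..len(pw) over the union of the printable
# ASCII character classes that appear in the password.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]   # 26 + 26 + 10 + 33 = 95 characters

FAST = 10**11    # "Offline Fast Attack": one hundred billion guesses/second
ARRAY = 10**14   # "Massive Cracking Array": one hundred trillion guesses/second

def alphabet_size(pw):
    """Size of the alphabet implied by the character classes used in pw."""
    if not pw or any(all(ch not in c for c in CLASSES) for ch in pw):
        raise ValueError("model covers non-empty printable-ASCII passwords only")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))

def search_space(pw):
    """Number of candidates of length 1..len(pw) over that alphabet."""
    a = alphabet_size(pw)
    return sum(a**k for k in range(1, len(pw) + 1))

def worst_case_seconds(pw, rate):
    """Time to exhaust the whole space; the average hit takes half as long."""
    return search_space(pw) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    year = 365.25 * 86400
    for name, size in [("centuries", 100 * year), ("years", year),
                       ("days", 86400), ("hours", 3600), ("minutes", 60)]:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"

if __name__ == "__main__":
    # The two generated passwords quoted in the article.
    for pw in ["gln5adHH^v4A8md", "indamutcag"]:
        print(f"{pw}: alphabet {alphabet_size(pw)}, "
              f"{search_space(pw):.3e} candidates")
        for label, rate in [("fast", FAST), ("array", ARRAY)]:
            print(f"  {label:5s} {humanize(worst_case_seconds(pw, rate))}")
```

Length dominates the result: each extra character multiplies the search space by the alphabet size, while widening the alphabet only raises the base.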
We’re determined to teach you about passwords. The more you know, the more likely you’ll use strong passwords…and that’s a good thing.
How do we know all this stuff about cracking passwords? We don’t, so don’t worry: we’re not going to sic EB on you 🙂
We got this information from a very interesting site. You can go there right now and test your own passwords if you like.
Here’s a question posed by the page we’re going to send you to:
Which of the following two passwords is stronger, more secure, and more difficult to crack?
D0g…………………
PrXyc.N(n4k77#L!eVdAfp9
If you guessed the second one, you’d be wrong. You can find out why here. And while you’re there, check your passwords before someone else guesses them.
Here are some juicy tidbits from the author, just in case you were thinking about avoiding this site and continuing on with your weak passwords:
“Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.
If every possible password is tried, sooner or later yours will be found. The question is: Will that be too soon . . . or enough later?”
Interested? We hope so. Visit this page to learn more — right now.
How do these things work when you have to input the password twice when you make it? What about using it from two devices, since I check my Gmail and Facebook from my Android as well as my laptop? I’m sure there’s a simple answer and would really appreciate your explaining it to me. I have Sticky Password manager but really haven’t implemented it (dumb, I know).
Why don’t more (or all) sites lock out access for at least 30 min if more than 3-5 incorrect attempts are made? This seems like such a no-brainer, and most good sites that care about security seem to do this as a matter of policy. Would this not prevent brute force attacks?