Join DiveBuddy.com

Meet new scuba divers, maintain a virtual dive log, participate in our forum, share underwater photos, research dive sites and more. Members login here.

Scuba Articles > Greg > Web Site Help
How Secure is Your Password
Greg - 11/14/2013 7:29 AM
View Member Articles
Category: Web Site Help
Comments: 24
It is a good idea to have "strong" passwords...ones that can’t easily be broken or cracked. It’s also a great idea to use different passwords on different websites.


Here are two sites that allow you to check the strength of your password. I would not recommend typing in your actual passwords into either of these sites...but some variation of it to get the general idea.



Microsoft’s Password Checker:

https://www.microsoft.com/security/pc-security/password-checker.aspx



How long would it take to crack your password (mine would take 2 billion years):

https://howsecureismypassword.net/

Comments
Stumpy - 6/14/2014 1:36 AM
Be harder to Crack than are worth the effort (and not everything is only 16 bits anymore). For myself, I too used to run penetration test for Uncle Sam...I worked in Information Warfare for the canoe club. We brought five disiplines to battlegroups, with computer network defense being one of them. I simply keep stuff I’m not willing to share off the internet. With that, this elephant died...
havoc - 7/18/2014 8:54 AM
Stumpy, I completely agree with you. There is no such thing as an unbreakable password but some are definitely better than others. One of my team members put together an amazing list that incorporates the dictionaries of numerous languages and mixes them up along with numbers and symbols. The list is so long, though, that even at a 4.3 billion wps rate it would still take about ~300 years to crack all possible combinations after the mutation.
Stumpy - 6/10/2014 11:17 PM
If you want to make a virtually uncrackable password, I’ve got a list of codes that can be created that password cracker programs can’t Crack, courtesy of Uncle Sam’s Canoe Club.
havoc - 6/11/2014 2:08 PM
I’d like to see this list. There is no such thing as an uncrackable password. Some just take a little longer than others. We (my work) have a system that cracks passwords at over 4.3 billion words per second. A decent laptop can do around 600 WPS. We can crack up to 16 character passwords (every possible combination of letters numbers and symbols) in just days.
Stumpy - 6/11/2014 9:29 PM
After dealing with computer network security for Uncle Sam, I can tell you that there’s still a few (letters/symbols/numbers/special characters) still used by Uncle Sam when they REALLY want to keep prying eyes out, and they still remmain uncrackable.
havoc - 6/13/2014 11:20 AM
I was a DA/NA for "Uncle Sam" also. Now am a Penetration Tester (lmgtfy.com/?q=Penetration+Tester) who does a great deal of work for the Gov’t. In over 10 years I’ve never seen/heard of such a list. Care to share?
Stumpy - 6/13/2014 4:19 PM
Well there is and its been out there for quite a few years now. As far as sharing them, as I myself don’t use them (my pad is not capable of generating these characters as there’s no real keyboard with number pad), I simply don’t put sensative info on a networked system.
Stumpy - 6/13/2014 4:34 PM
Former comment posted before finished. Keeping sensative stuff off networked systems is tne best security of all. Some may not understand how one can do that, but we older folks all managed to get through the 80’s just fine, without having to have a cell phone glued to our hands. Back then cell phones were bricks. I’ve managed to live my life without being able to text, etc...at the drop of a dime. And I’ve found that by keeping personal information just that, I don’t have to hide behind complicated passwords that I’ve got to write down in order to remember them. But I’m not about to post any symbols/letters/numbers (including the many languages they may represent) that may continue to be used, as I believe in robust network security for our military members still serving. I’m just saying that unless you’ve got access to a supercomputer, your not going to be able to run your pwssword cracking program and get into anything you want.
Stumpy - 6/14/2014 1:29 AM
oh, and havoc, your right, there’s no such thing as a totally noncrackable password, but, unless your password cracker accounts for every number/character/letter/symbol IN EVERY POSSIBLE LANGUAGE, and you’ve got a computer powerful enough to go through every configuration during our rather short lifespans, then there’s passwords that can certainly
dontdiveenuf - 11/26/2013 11:58 AM
I build my passwords by creating a short sentence, then taking the first 1 and/or two letters of each word, mixing the cases, and adding a couple of symbols and numbers. It’s easy for me to remember and usually meets the criteria for a strong password. For even more fun, you could use a foreign language to create the sentence.
UWnewbee - 11/15/2013 6:59 AM
my house is harder to get into lol
UWnewbee - 11/15/2013 6:58 AM
67 million years
Jossey - 11/15/2013 2:20 AM
Password is the wrong word these days it should be pass phrase normally.

Working in it security is see many passwords hacked mostly dictionary attacks mainly.

The general rule is either

Use special characters at least once
Use caps at the start and at least once
And don’t use a word

Eg my password is made from one of my first car registrations

Eg AB then I use the first letter of the website I’m on and another letter in the site. Eg 5th letter
The I use my remembered 3 characters lets say zzr
Then I add the special character
If the website is an odd amount of letters it’s, let’s say !
Then even it’s ?

But this is not easy to remember although a pass phrase replacing s with 5 and e with 3 is easy
Ihatepa55word5!
Is a good password (please don’t use that though lol)
havoc - 11/15/2013 7:12 AM
Password is still a proper word. Passphrase is the same thing but with more words. Nitpicking. As for the rest, it’s common for tools to use leet as well so go ahead and replace s with 5 and t with 7. Hackers can do that, too.
havoc - 11/15/2013 7:13 AM
http://xkcd.com/936/
Stumpy - 6/13/2014 11:14 AM
Why don’t you just give us your password instead of making it out to be a puzzle from the back of some old ’OMNI’ magazine?
havoc - 11/14/2013 7:47 PM
As someone who works in IT Security, the ’time to crack’ is quickly becoming a myth. We consider password complexity a "best effort" nowadays. Password strength is strictly a numbers game. The calculation is normally based on a 600 words per second (WPS) counter. This means that a modern laptop would only have the CPU/RAM speed to calculate 600 words per second while hashing (hashing is the how your password is encrypted).

To calculate how long it would take your password to be cracked, try this:


for every uppercase letter multiply by 26
for every lower case letter multiply by 26
for every number multiply by 10
for every special character multiply by 32


so if your password is 4 characters say 1!sS the calculation would be
10 32 26 26 = 216,320 possible combinations


take that number and divide by the magic 600WPS
216320 / 600 = 360.533-
this password would take 361 seconds (6 minutes) to crack with a laptop from around 2005.


Hackers can get into the billions and trillions of WPS now.
lerpy - 11/14/2013 2:14 PM
Ok so apparently I need a new password.
Brian_V - 11/14/2013 2:08 PM
...I ran mine thru, it said this: "It would take a desktop PC about An octillion years to crack your password"
What the heck is an ’octillion’?!?!
...I guess it’s pretty safe then?
Greg - 11/14/2013 3:28 PM
Yeah, i think you are safe for a few years at least :)
coffii_howz - 11/27/2013 11:02 AM
until someone reads the sticky note its on ;)
Nitediver - 11/14/2013 1:11 PM
mine 23 TRILLION years!
RockRat2008 - 11/14/2013 10:14 AM
Mine would take a mere 58 years. :-)
lerpy - 11/14/2013 7:45 AM
Mine only takes 7 hours according to the site, good thing I don’t have much worth stealing, other than access to DB of course.