Complete I.T. Blog

Security – How Secure is your Password?

by | Jun 19, 2017 | Archived Articles

In today’s world, remembering which password you use for what can almost be a full-time activity, and it can be immensely frustrating when the system you are accessing says you have to change it frequently (surely not, I only changed the password last week?). Best practice suggests you should use a different password for every website you access, and that password must be complex. Vendors like Microsoft are now enforcing complex passwords for their cloud services such as Microsoft Office 365.

Complex passwords usually require 3 out of 4 of the following:
– Lowercase characters
– Uppercase characters
– Numbers (0-9)
– Symbols

We all know Microsoft are trying to protect us from hackers, but remembering these complex passwords is a difficult task. Most people will use something familiar to them to create a password, like a child’s or pet’s name, the current month or their car registration. This practice makes the password easy to remember; however, it also makes the password very easy to crack. For example, growing up I had a pet dog called Ben. If I were to use his name as my password (including the capital “B”), any password-cracking program would break this password almost instantaneously. Any word in the dictionary used as a password would also be cracked instantly, as most password-cracking programs try the dictionary first, so please avoid using standard words or common names.

My next step would be to add numbers to the password. The most common way to do this is to replace a letter with the number that most looks like it, i.e. the password Ben would become B3n. Using the same password cracker tool, this password would be revealed in about 14 seconds! The result isn’t good.

Following the rules above for complex passwords, I decided to add some symbols to my password. The easiest way to do this, and to keep it memorable, is to surround the familiar password with some form of brackets or quotes, i.e. use the symbols “ ‘ () {} or [], so now my password looks like this: {B3n}

Utilising the same cracking tool, this would take about 5 days to crack: much better, but still not great. The password {B3n} is now 5 characters long, still too short to be considered secure, so I add !! to give {B3n}!! but again, a hacker would crack this in a matter of days.

The aim is to make sure the password is strong enough to withstand a cracking tool for longer than the time before the system you are accessing requires a password change. I decided to increase the number of characters by adding the year my dog was born, so the password looks like this: {B3n1991}!!

This password is still memorable to me and has 11 characters but now the cracking tool would take much longer to crack the password!

Try to make the password as long as you can, with a mix of symbols and numbers. As you can see from above, increasing the number of characters makes a big difference.
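The effect of length and character mix on the search space can be checked with a short script. This is an added example, not part of the original article and not the online tool it used; the word list and guess rate are assumptions, so its times will not match the figures quoted above.

```python
import math
import string

# Character classes from the "3 out of 4" complexity rule.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
# Constructed stand-in for a cracker's dictionary (assumption).
WORDLIST = {"ben", "password", "june"}
# Assumed offline guess rate; real rates depend on the hash and hardware.
GUESSES_PER_SECOND = 1e9


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {n for n, chars in CLASSES.items() if any(c in chars for c in password)}


def meets_complexity(password):
    """True when at least 3 of the 4 classes are present."""
    return len(classes_used(password)) >= 3


def keyspace_bits(password):
    """log2 of the exhaustive search space: (alphabet size) ** length."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def assess(password):
    """Upper bound only: pattern-based guessing can beat exhaustive search."""
    in_wordlist = password.lower() in WORDLIST  # dictionary is tried first
    bits = 0.0 if in_wordlist else keyspace_bits(password)
    return {
        "length": len(password),
        "complex": meets_complexity(password),
        "in_wordlist": in_wordlist,
        "bits": round(bits, 1),
        "worst_case_seconds": 2 ** bits / GUESSES_PER_SECOND,
    }


if __name__ == "__main__":
    for pw in ["Ben", "B3n", "{B3n}", "{B3n}!!", "{B3n1991}!!"]:
        print(pw, assess(pw))
```

Each extra character multiplies the search space by the alphabet size, which is why the jump from 7 to 11 characters matters far more than swapping one letter for a digit.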

Disclaimer: None of the passwords in the example above are actually in use. The times to crack passwords are estimates and are generated by an online secure password testing tool.