
SCIE 300 Course Blog Section 112

How many times have you been forced to change your CWL password, only to be frustrated by the restriction rules? You are not alone: most people find the strict requirements for a new password difficult to meet. According to this study, only 18 percent of people are able to create a password that meets all the requirements on their first attempt; 25 percent simply give up.

It is human nature not to feel threatened by thefts we don’t see, so we feel confident about the passwords we create. Unfortunately, most of us have weak passwords, which a computer can “guess” within a few minutes, or even seconds.

Image source: Creative Commons CC0, credit: pixabay

How do they crack your password?

© User:Colin / Wikimedia Commons, via Wikimedia Commons
There are a number of ways for a cracker to get your password. This post by Dorothy Ordogh from 2014 Term 2 explains them well. In addition to tricking you into revealing passwords or personal information over the network, a cracker can:

  • guess your password online using common passwords, spacing the attempts every 24 hours to avoid an account lockout
  • try every word from a dictionary offline using software tools
  • try a brute-force attack: test every combination of letters and symbols (for example, Enigma)
  • hack into a vulnerable system, obtain the hash of your password and then run tools to find a match

Nowadays, most systems store clients’ passwords as hashes, or encrypted, rather than in plain text. However, such implementations don’t guarantee the safety of your data. The best way to keep yourself safe from any of these attacks is to use strong passwords.
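To make the last two points concrete, here is an added Python example (written for this page; it is not code from the original post or from any of the linked studies). It contrasts the naive way of storing a password, an unsalted fast hash, with a salted slow hash (PBKDF2), and shows why a leaked fast hash of a common password is matched instantly while the salted form resists precomputation. The list of "common passwords" is a constructed stand-in for a real wordlist; the iteration count is an assumed value, not a recommendation from the page.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed stand-in for a cracker's wordlist of common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "iloveyou", "monkey"]


def fast_hash(password: str) -> str:
    """Unsalted SHA-256, the kind of hash a naive system might store.
    It is cheap to compute, so anyone holding a leaked copy can test an
    enormous number of guesses per second against it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def dictionary_match(leaked_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """The offline dictionary attack from the list above, reduced to its core:
    hash each word and compare. With an unsalted fast hash, a common password
    is recovered immediately. Returns the matching word, or None."""
    for word in wordlist:
        if fast_hash(word) == leaked_hash:
            return word
    return None


def make_record(password: str, iterations: int = 100_000) -> dict:
    """What a careful system stores instead: PBKDF2-HMAC-SHA256 with a random
    per-user salt (assumed parameters). The salt makes precomputed hash tables
    useless, and the iteration count makes every guess cost `iterations` hash
    computations instead of one."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def is_common(password: str, wordlist: Iterable[str] = COMMON_PASSWORDS) -> bool:
    """The 'dictionary check' a password policy applies when you pick a password."""
    return password in set(wordlist)


if __name__ == "__main__":
    leaked = fast_hash("letmein")
    print("unsalted hash of a common password recovered as:",
          dictionary_match(leaked, COMMON_PASSWORDS))
    rec_a = make_record("letmein")
    rec_b = make_record("letmein")
    print("same password, two salted records, digests differ:",
          rec_a["digest"] != rec_b["digest"])
    print("verify correct attempt:", verify(rec_a, "letmein"))
    print("verify wrong attempt:", verify(rec_a, "letmeout"))
```

Notice that the salted records for the same password never share a digest, so a table of precomputed hashes cannot be reused across users, and every guess against a stolen record must pay the full PBKDF2 cost. Even so, a common password in the wordlist still falls quickly, which is the post's point: the hashing scheme helps, but the password itself has to be strong.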

If there are millions of passwords waiting to be matched, you want yours to be the hardest to crack.

This scientific study reveals that passwords with a 16-character minimum requirement are the hardest to attack compared to the other groups, including an 8-character minimum group with upper/lower case and dictionary-check requirements. Another interesting finding is that adding a number to a password doesn’t decrease its predictability.

So how long should my password be?

In 2010, a study by the Georgia Tech Research Institute suggested that a good password should be long, complex and easy to remember such as a sentence with numbers or symbols. The minimum length should be 12 characters.

If you would like to test the strength of different passwords, here is a website that calculates the time to crack your password under different attack scenarios (keep an eye on the offline fast attack scenario).
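The calculation such a website performs is simple enough to reproduce. The following Python example is added here for this page (it is not the linked site's code, nor from the original post) and shows how the brute-force search space grows with length and alphabet size, turning it into an estimated time to exhaust under two scenarios. The guess rates for the "online throttled" and "offline fast hash" scenarios are assumed, illustrative figures, and the sample passwords are constructed.

```python
import math
import string

# Alphabet classes a brute-force search would have to cover.
CLASSES = {
    "lowercase": frozenset(string.ascii_lowercase),  # 26 characters
    "uppercase": frozenset(string.ascii_uppercase),  # 26 characters
    "digits": frozenset(string.digits),              # 10 characters
    "symbols": frozenset(string.punctuation),        # 32 characters
}

# Assumed guess rates (illustrative, not measured): an online attack that the
# server throttles, versus an offline attack against a leaked fast hash.
SCENARIOS = {
    "online throttled": 10.0,   # guesses per second
    "offline fast hash": 1e10,  # guesses per second
}


def charset_size(password: str) -> int:
    """Size of the smallest union of classes that contains every character."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    if size == 0:
        raise ValueError("password contains no recognised characters")
    return size


def search_space(password: str) -> int:
    """Worst-case number of candidates for this length over this alphabet."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the search space: each extra bit doubles the attacker's work."""
    return math.log2(search_space(password))


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    return search_space(password) / guesses_per_second


def humanize(seconds: float) -> str:
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def report(password: str) -> dict:
    """Summary for one password under every scenario in SCENARIOS."""
    summary = {
        "length": len(password),
        "alphabet": charset_size(password),
        "bits": round(entropy_bits(password), 1),
    }
    for name, rate in SCENARIOS.items():
        summary[name] = humanize(seconds_to_exhaust(password, rate))
    return summary


if __name__ == "__main__":
    # Constructed samples: 8 characters mixing all four classes,
    # then 12 and 16 lowercase letters only.
    for pw in ["Xk7!mQ2p", "abcdefghijkl", "abcdefghijklmnop"]:
        print(pw, report(pw))
```

Run it and the 16 lowercase letters outlast the 8-character "complex" password by orders of magnitude even in the offline scenario, which matches the study's finding above. One caveat: this model assumes every character is chosen uniformly at random. A human-chosen password such as a dictionary word with a digit appended has far fewer likely candidates than the formula suggests, which is why the study found that adding a number does little for predictability.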

Given the processing speed and capability of today’s computers, short and simple passwords won’t survive even the simplest attack. Our extensive use of the internet and mobile devices makes us easy targets for online theft. To protect yourself from becoming a victim, it is important to be aware of the danger and take action. Remember, a longer password won’t hurt.

Here is an interesting TED talk by Professor Lorrie Faith Cranor. She also talks about how password hashing works:

YouTube video courtesy of: Ted Talk

Time to change passwords!

Posted by: Luxi Xu