3 questions about password security – answered

The average person owns at least 90 online accounts, ranging from email and social media accounts through to banking, utilities and government services, and each require a password. As the keys which unlock your digital world passwords protect the valuables, just as the lock & key to valuables within your actual home. Yet do we apply the same security measures we have on our home to the passwords that are guarding our digital access?

Has our use of passwords evolved?

The answer is probably not. According to a study analyzing 10 million passwords from data breaches that happened in 2016, over 50% of them are from the list of 25 most common passwords. And the top 5 are:

1. 123456
2. 123456789
3. qwerty
4. 12345678
5. 111111

Nearly 17% of users are using “123456” to safeguard their accounts. That’s pretty shocking!  Not only are these passwords painfully old and common, they can also be breached by a computer almost instantly.  

Password complexity – for human or computer?

So what about combining letters and numbers? Or punctuation and capital letters? For instance if you are replacing “password” with “pA5$W0rd”, how secure would it be? Well the truth is, it would only make it harder for you to remember. For a computer, it takes merely 9 hours to crack. In fact, any standard desktop computer using a high-end graphic processor can test trillions of password per second.Look at this table of password recovery speed. A seven-character password composed of upper and lower case letters and digits has 3.5 trillion permutations. That sounds like a lot to us, but with a speedy desktop computer they can be all tested in an hour or two. If you put a few PCs together, they can be done in 10 seconds.  

The longer the better?

It turns out that when it comes to password security, the length of it is more important than the mix of letters, numbers and punctuation. So a phrase from a song, a bad pun, a line from a speech – just anything that has a more complex make up to it will be a stronger password than the pA5$W0rd you are struggling to remember.Another useful trick is to tie the meaning of your passwords to the actual account. Using “if you invest your tuppence” as your online banking password will take a computer approximately 343 septillion years to crack. The same goes to phrase like “you’re so vain” (perfect for social media account) and “working 9 to 5” (for your work login) which will takes approx 111 thousand years and 2 million years to crack respectively.So next time when you are prompt to input a password that is eight characters long including special characters, go for “snow white and the seven dwarves!”. It will take a modern computer approximately 38 duodecillion years (that is 38,000,000,000,000,000,000,000 years) to crack!