I got a bit sidetracked by an NZ Herald article on passwords: Tired of passwords? You aren’t alone. I find myself in both camps, both the user of passwords and the enforcer of rules. The self-loathing as I had to type up the error message “Please use at least one upper case character” into my script.
The article itself was nothing particularly new, and as the cost of automated SMS messages drops we’ll find reputable websites start sending us one-use codes instead of relying on us to remember passwords – just don’t lose your phone or leave it in another room or you’ll be scrambling.
What did intrigue me was the site the article linked to: a website which sees how long it could take to crack each type of password. Challenge Accepted!
I started out with two passwords I use. One is the name of a cocktail and a year. The other is a computer-generated password which was the default of some site I signed up to and is a random combination of numbers and letters. Given crackers use “dictionary words” to speed up cracking, I figured the first example was less robust than the second.
Boy, was I wrong.
1.04 seconds for the randomly generated password compared to 6 days? I didn’t expect that!
So, I started playing. In the end one of the most secure passwords I tried was “PorkyThePig2008” at 2.48 thousand centuries. While jokes abound that all you need to know is the name of someone’s pet, maybe “PixieTheDog2011” isn’t so silly after all.
And the old lady with the passwords scribbled on her wall… (who me?) isn’t so silly. So long as she doesn’t have a webcam pointed that way you’d have to be physically in her home to be able to read them – and by the time the bad guys are actually in your home a few passwords are the least of your problems!
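To show why a length-based estimate rates “PorkyThePig2008” so highly, and what changes once the guesser knows about the “dictionary words” mentioned above, here is an added example (not from the original post or from the site it used). It assumes the site scores by length and character set only; the guessing rate, dictionary size and sample words are made-up values, so its output will not match the figures quoted in the post.

```python
import math

# Assumptions for illustration (none of these figures come from the article or the site).
GUESSES_PER_SECOND = 1e10      # assumed offline guessing rate
WORDLIST_SIZE = 100_000        # assumed size of the attacker's dictionary
CASE_VARIANTS = 2              # "porky" or "Porky"
YEARS = 200                    # four-digit years 1900-2099
WORDS = {"porky", "the", "pig", "pixie", "dog"}  # constructed sample of that dictionary


def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 26 * any(c.islower() for c in pw) + 26 * any(c.isupper() for c in pw)
    size += 10 * any(c.isdigit() for c in pw)
    size += 33 * any(not c.isalnum() for c in pw)
    return size


def brute_force_guesses(pw: str) -> int:
    """Length-and-character-set estimate: every character is treated as random."""
    return charset_size(pw) ** len(pw)


def word_aware_guesses(pw: str) -> int:
    """Cheapest way to build pw from dictionary words, years and single characters."""
    n, per_char = len(pw), charset_size(pw)
    best = [math.inf] * (n + 1)
    best[0] = 1
    for i in range(n):
        best[i + 1] = min(best[i + 1], best[i] * per_char)  # one random character
        for j in range(i + 2, n + 1):
            tok = pw[i:j]
            if tok.lower() in WORDS and tok in (tok.lower(), tok.capitalize()):
                best[j] = min(best[j], best[i] * WORDLIST_SIZE * CASE_VARIANTS)
            elif len(tok) == 4 and tok.isdigit() and tok[:2] in ("19", "20"):
                best[j] = min(best[j], best[i] * YEARS)
    return best[n]


def years_to_search(guesses: int) -> float:
    """Convert a guess count to years at the assumed guessing rate."""
    return guesses / GUESSES_PER_SECOND / (3600 * 24 * 365)


if __name__ == "__main__":
    for pw in ("PorkyThePig2008", "k3Vq9xTz"):  # second value is a constructed random string
        print(pw, f"{years_to_search(brute_force_guesses(pw)):.3g}",
              f"{years_to_search(word_aware_guesses(pw)):.3g}")
```

Under these assumptions the two estimates agree for the random string but differ by many orders of magnitude for the three-words-and-a-year password.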
You might be interested in this – apparently passwords with real words work better
http://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd