Nittany Link Technology Blog

How secure is your Password?

Monday, December 2, 2013

We use passwords as keys to our computers and our online accounts, the same way we use keys for our cars and homes. The idea is simple: place a barrier between your property and someone attempting to access it. Unfortunately, most people choose passwords that are easy to remember, like the first names of their children or spouse. Easy passwords are used because they are easy to remember and allow for quick logins.

I read an article this weekend that was a little frightening. In 1962 John F. Kennedy signed an act called the National Security Action Memorandum 160, which installed a device on US nuclear weapons so that they could only be launched using a correct launch code. We have all seen this in the movies. The issue at hand was that soon after these devices were installed, 50 missiles were reset to have the password of 00000000. Then, to make it worse, every training manual used to operate the system specifically stated to make sure you have entered the correct code of 00000000. This was left in place for nearly 20 years. The article goes on to point out the Army's reason for this, which is a valid point, but it defeats the purpose of having a code to begin with.

Part of the issue with passwords is that people are not aware of how easily passwords can be discovered. Most people picture someone sitting at a computer, typing in passwords one at a time every 30 seconds, trying to access your account. This may be the case for a spouse or an acquaintance trying to get into your account, but a hacker will use tools to try to log in to your account at billions of attempts per second.

To make it easy to understand, let's say your password is 1 character that is a number. To guess your password I would only need to try a maximum of 10 times (0, 1, 2, 3, 4, 5, 6, 7, 8, and 9). If it was 2 characters that were both numbers, I would need a maximum of 100 tries. If your password was 1 character that was a letter, I would need a maximum of 26 tries. If that one character can be a letter or a number, we go to 36 tries. Add the option of a lowercase or a capital letter and we go to 62 tries. Add in special characters and we need 86 tries. With punctuation it would take 96 tries. The more complicated the password is, the more combinations there are, and since a normal desktop can try roughly 4 billion attempts a second, more is better.

Using this online tool we can get the following estimates on how many available combinations there are and how long it takes for a desktop to try each combination:

| Number of Letters | Time to Try All Combinations, Using Secure Password Policy* | Possible Combinations |
|---|---|---|
| 5 | 2 Seconds | 8 Billion |
| 6 | 3 Minutes | 782 Billion |
| 7 | 5 Hours | 75 Trillion |
| 8 | 20 Days | 7 Quadrillion |
| 9 | 5 Years | 692 Quadrillion |
| 10 | 526 Years | 66 Quintillion |
| 11 | 50,000 Years | 6 Sextillion |
| 12 | 4 Million Years | 612 Sextillion |

* Using one capital letter, lowercase letter, number, special character, and punctuation

If you follow good security practices and change your passwords every 30 or 90 days, it would be best to use at least a 9-character password. As you can see from the chart above, just adding 2 characters to an 8-character password can make the difference between 20 days and 6+ lifetimes. As desktop computers get faster, it will take less time to crack your password; that 20 days today may be 10 days in a year to 18 months.

To protect yourself here are some tips:

  1. Do not use the same password for everything. Each computer or website should have a separate password.
  2. Change your passwords regularly. Once a month, once a year, the more often the better.
  3. Create passwords that are at least 8 characters and contain one capital letter, one lowercase letter, a special character and punctuation.
  4. Make sure your antivirus is up to date.

If you manage your own network systems and want to protect them from password hacking, try enabling a policy where your system locks each account after so many failed login attempts. This creates more management work to unlock accounts for users, but it stops hackers from making billions of login attempts against your systems.
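The arithmetic behind the chart, the 9-character recommendation and the lockout advice, as an added example (not code from the original post or the online tool it used). It takes the article's 96 possibilities per character and 4 billion guesses per second as given; the 5-failures-per-30-minutes lockout policy is a constructed sample value.

```python
# Added example: reproduces the article's estimates from its own figures.
CHARSET_SIZE = 96                  # article's per-character count with punctuation
GUESSES_PER_SEC = 4_000_000_000    # article's "roughly 4 billion attempts a sec"
DAY = 86400
UNITS = [("years", 365.25 * DAY), ("days", DAY), ("hours", 3600),
         ("minutes", 60), ("seconds", 1)]


def keyspace(length, charset=CHARSET_SIZE):
    """Number of possible passwords of exactly `length` characters."""
    return charset ** length


def exhaust_seconds(length, rate=GUESSES_PER_SEC, charset=CHARSET_SIZE):
    """Worst-case time to try every combination at `rate` guesses per second."""
    return keyspace(length, charset) / rate


def humanize(seconds):
    """Express a duration in the largest whole unit, rounded down."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{int(seconds // size):,} {name}"
    return "under 1 second"


def min_length_for(lifetime_days, rate=GUESSES_PER_SEC, charset=CHARSET_SIZE):
    """Shortest length whose full keyspace outlasts the password's lifetime."""
    length = 1
    while exhaust_seconds(length, rate, charset) <= lifetime_days * DAY:
        length += 1
    return length


def lockout_rate(max_failures, window_seconds):
    """Guesses per second allowed when an account locks after `max_failures`
    failed logins per window. Limits guesses made through the login interface."""
    return max_failures / window_seconds


if __name__ == "__main__":
    for n in range(5, 13):
        print(f"{n:>2}  {humanize(exhaust_seconds(n)):<18}  {keyspace(n):,}")
    for days in (30, 90):
        print(f"{days}-day rotation -> minimum length {min_length_for(days)}")
    # Hypothetical policy: 5 failed logins per 30-minute lockout window.
    slow = lockout_rate(5, 30 * 60)
    print("5 chars behind lockout:", humanize(exhaust_seconds(5, rate=slow)))
```

With the sample lockout policy, exhausting even the 5-character keyspace through the login prompt takes longer than the 11-character row of the chart does at full desktop speed.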

If you have any questions, feel free to contact Nittany Link. We would be glad to help.

Categories: Security
