How To Avoid Your Passwords Being Cracked
Many sites you frequently visit these days require a password in order to enter. That’s because there usually is some form of confidential information stored behind these password protected pages.
But passwords can be cracked, so if you want to KEEP that information confidential, you’d better use a good and strong password.
And that certainly applies to your most important online accounts like bank or other money accounts. To a certain extent, I can understand (not agree!) why people want to have access to your PayPal or bank account, since there’s money to get. Greed and an easy way to make money is their motive.
But otherwise, I have NO idea why people would like to crack passwords for things like blogs and web2.0 sites, other than the morbid delight of destruction.
But it happens!
I had it happen to this very blog last month. Using brute force (see below).
So the lesson here is to defend your cPanel, blog, bank and all other accounts with strong passwords that are hard to crack.
Now, I’m NOT a security specialist. All I can do is try to explain this matter in my own layman’s words and that’s what I do below.
Suppose I used a ONE character password to protect my site and that one character could only consist of the letters a to z. That would give me 26 possibilities to create my password.
If someone wanted to crack that password, all this person would have to do is fill in each letter on my login page and hit submit. Including the response time this requires, this can be done at a pace of 3 times per minute. On average it requires 13 tries to find the password, so that takes less than 5 minutes.
Now suppose I add another character to my password. Then the total number of possible combinations would increase drastically, since for every character in the first position, there are 26 possibilities in the second one. Total number of combinations: 26 x 26 = 676. The average time required to find my password would become 338 / 3 = 112 minutes.
When we allow numbers in our password, the possibilities per character would be 36 and the total number of possible combinations when using 2 characters would be 36 x 36 = 1,296. Average time to find my password: 648 / 3 = 216 minutes.
Finally, when we also allow all letters to be in capitals, that adds another 26 options per character. So now the total number of possible combinations for a 2 character password becomes 62 x 62 = 3,844. Average time to find my password: 640 minutes!
If we allow more characters in the password (still with 62 options per character), the figures become:
| # Chars. | Possible Combinations | Average # minutes needed to crack password |
| --- | --- | --- |
| 3 | 238,328 | 39,721 |
| 4 | 14,776,336 | 2,462,723 |
| 5 | 916,132,832 | 152,688,805 |
See how the column at the right increases drastically?
THAT’S all you have to remember from this exercise.
Of course anyone doing this would be a fool, because we have computers to do things like this. And hackers and crackers use computer programs to do this. Their software starts at the leftmost character with ‘a’ and works its way to the rightmost character, scanning all possible combinations.
That is called ‘brute force’.
But for computers the same effect applies. The more options per character and the more characters used, the more difficult it becomes to find the right password combination.
Therefore, it’s wise to use at least 8 characters in your password, using a combination of upper- and lower-case letters and numbers.
So the name of your little sister simply won’t do! Nor does the name of anyone else. You also need to include numbers and, if allowed, special characters.
If you use names, then at least don’t use names that are easy to guess. Use at least one capital and also add a number. A great way to combine everything is to replace an ‘a’ by 1 and a 1 by ‘a’. That makes names more difficult to find.
IF it’s allowed, you can also add special characters to your passwords, or even add a space, so you can make your password a phrase. Which, in general, is easier to remember.
But the fewer characters allowed, the longer your password should be!
If you’re really good at math, you can see from the table above that a 15 character password only containing letters is stronger than an 8 character password containing all possible characters on your keyboard, simply because the total number of possible combinations is the number of options per character raised to the power of the number of characters in your password.
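The arithmetic above as an added example (not from the original post): it reproduces the table's figures at the post's pace of 3 guesses per minute, extends them to longer passwords, and checks the 15-letter versus 8-character comparison. The function names, the 95-character keyboard set and the 1,000 guesses per second rate are assumptions made for illustration.

```python
import string

GUESSES_PER_MINUTE = 3  # the post's pace for typing guesses into a login page

# Character pools the post walks through. Treating "all characters on your
# keyboard" as ASCII punctuation plus space (33 symbols) is an assumption.
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]


def combinations(alphabet_size, length):
    """Number of passwords of exactly `length` characters."""
    return alphabet_size ** length


def average_minutes(alphabet_size, length, per_minute=GUESSES_PER_MINUTE):
    """Minutes to search half the combinations, rounded to the nearest minute."""
    total = combinations(alphabet_size, length)
    return (total + per_minute) // (2 * per_minute)


def alphabet_size_of(password):
    """Options per character implied by the character classes in `password`.

    Only meaningful for randomly chosen characters: a name or dictionary
    word is guessed long before an exhaustive search would reach it.
    """
    return sum(len(p) for p in POOLS if any(c in p for c in password))


def table(alphabet_size, lengths, per_minute=GUESSES_PER_MINUTE):
    """Rows of (length, combinations, average minutes), like the post's table."""
    return [(n, combinations(alphabet_size, n),
             average_minutes(alphabet_size, n, per_minute)) for n in lengths]


def stronger(a, b):
    """True if (alphabet_size, length) choice `a` has more combinations than `b`."""
    return combinations(*a) > combinations(*b)


if __name__ == "__main__":
    for row in table(62, range(3, 9)):
        print("%d chars: %d combinations, %d minutes on average" % row)
    # 15 letters only versus 8 characters from the 95-symbol keyboard set
    print("15 letters beat 8 mixed:", stronger((26, 15), (95, 8)))
    # Constructed rate for illustration: software making 1,000 guesses/second
    for row in table(62, (5, 8), per_minute=60_000):
        print("%d chars: %d combinations, %d minutes at 1,000/s" % row)
```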
It’s also very wise to periodically change your password using the information above. Doing so avoids all possible hacks or cracks of your passwords since anyone on their way to compromise your passwords would have to start all over again.
Here’s an online password checker where you can see how strong your password is. There are more available, just google the phrase ‘password checker’.
Remember this:
- the more variety in possible characters, the better and
- the longer your password, the harder to crack.
Don’t let it happen to you. Avoid having your passwords cracked.
Had a similar experience or want to react to this post?
Leave your comments below.
Tags: crack, hack, passwords, security
Welcome to Affordable Internet Marketing Blog.
June 11th, 2008 at 5:40 pm
It’s crazy what some people will do to attack others. A friend of mine just had her bank account hacked; it does happen. Thanks for the article.
June 11th, 2008 at 6:30 pm
That’s my biggest fear when I start a business online. I’m not an IT expert (basically, a psychology student) and I don’t know much about IT or internet security. However, for important accounts I use passwords of more than 10 characters, and more than 5 characters for not too important accounts. There are several script kiddies that crack blogs, Joomla and WordPress blogs to be exact. Blogs are a vulnerable medium to hack, that’s why I feel afraid.
June 11th, 2008 at 8:05 pm
I could say that there is no security on the world wide web. There are lots of cases where passwords and credit cards, for example, were hacked. So I think we should be aware of this stuff and always see to it that we secure important information.
June 11th, 2008 at 8:19 pm
Thanks for the reminder, Clay! My office used to have one of those 4 button door locks on it and I had to tell my boss to use two numbers at once, otherwise it would only take a minute or less to figure out the passcode.
I tend to forget it with passwords though, primarily because they drive me up the wall sometimes.
I know one reason people try to break any passwords they can, but it’s certainly not the only reason. Many people have a habit of using the same password on every site. So if they figure out your password for your blog, they might also get into your PayPal account, bank account, etc. I learned my lesson the hard way, after someone broke into a forum I was on and I didn’t think to change PayPal before they could get to it too. Luckily PayPal and my bank worked with me so that we weren’t out anything, but it was a scary couple of days.
June 12th, 2008 at 12:59 am
I prefer a combination of alphabet and numbers. It produces more possibilities and thus makes the password stronger.
June 12th, 2008 at 11:25 am
It is extremely frightening knowing some passwords can be hacked. That is a definite fear of many, since so many individuals have multiple passwords.
June 12th, 2008 at 12:08 pm
I personally prefer to change the password of my blog every month or so and most of the time I try to keep a name and number combination. It is easier to remember. Fortunately none of my accounts have been hacked as yet but I would definitely try to shuffle around with numbers this time around.
June 12th, 2008 at 2:39 pm
I keep a strong password that I use as a standard password, but when I sign up for sites I actually use a different password at each site to make sure that only the one password is lost if a site gets compromised (why risk my bank account when Joe Blow Random Website gets hacked and stored my password in plain text?)
To do that, I use a password hasher. I type in the same password, and it automatically combines that with the domain name to create a unique and strong password.
I have a plugin in my browser that you can get at: http://wijjo.com/project/4/passhash
It works pretty well. For example, if my password for this website were going to be SampleHash, then I would combine that with affordable-internet-marketing in order to come up with wo2JZ)Jdsv as my final password.
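An added example of the idea this comment describes, deriving a different password for each site from one master password plus a site tag. It is not the Password Hasher plugin's algorithm and will not reproduce the output quoted in the comment; the function name, symbol set, iteration count and the second tag are assumptions.

```python
import hashlib
import hmac
import string

SYMBOLS = "!@#$%^&*()-_=+"  # assumed symbol set; sites differ in what they accept
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)  # 76 characters


def site_password(master, site_tag, length=16, iterations=200_000):
    """Derive a per-site password from one master password and a site tag."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    # Slow key stretching: someone holding one derived password (from a site
    # that stored it in plain text) must pay this cost per master guess.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), site_tag.encode(), iterations)
    # Largest multiple of the alphabet size not above 256; bytes at or above
    # it are discarded so every character is equally likely (no modulo bias).
    limit = 256 - 256 % len(ALPHABET)
    counter = 0
    while True:
        chars = []
        while len(chars) < length:
            block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
            chars.extend(ALPHABET[b % len(ALPHABET)] for b in block if b < limit)
        candidate = "".join(chars[:length])
        # Retry with fresh output until all four classes are present
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    # Constructed inputs: the master password and tags are placeholders.
    for tag in ("affordable-internet-marketing", "example-bank"):
        print(tag, site_password("SampleHash", tag))
```

With a scheme like this, changing one site's password means changing its tag, and the master password remains a single point of failure.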
June 12th, 2008 at 5:01 pm
You could also install some brute force protection on your server to block xx failed requests. This will help your site from getting brute forced…until they start changing their IPs that is
June 12th, 2008 at 5:38 pm
Thanks for all the responses guys. Proves that this IS an important matter that should not be taken lightly!
@Teeg Who’s Clay?
@Blain Thanks, these may be helpful tools.
It’s a nice report you offer, you only have to do some lay-out work for the lines with the bigger fonts. They don’t display well.
I wouldn’t recommend anyone to fool around with brute force protection scripts, if at all possible, if you don’t know exactly what you’re doing.
June 12th, 2008 at 7:39 pm
@Case LOL I have no idea. Have I mentioned that I have a 5 year old and am usually trying to type around his chatter? Still, very embarrassed! (insert blushing emoticon here).
Te-ge
June 13th, 2008 at 6:21 am
This has brought the subject of passwords to my attention again, which I need. I seem to realise how important it is, do something about it and then I forget again. So thanks for the reminder.
Barb.
June 13th, 2008 at 9:09 am
It’s really sad that there are still people just lurking around to grab someone else’s money earned by hard work and effort.
Keeping that in mind I always try to use long tail passwords to make them as difficult to hack as possible
June 15th, 2008 at 11:30 pm
Thank you for the information. I have the same password for all my Google accounts and if someone cracks my password…the effect will be drastic.
June 16th, 2008 at 9:01 am
Well, it is not necessarily an attack to break a password. To the hackers who are not money oriented, not robbers, it is passion and fun, and most of the hackers I know never hurt anybody. They just want to know that they are able to crack even more passwords. Usually people do not even notice that someone cracked them. But of course I think it is better to be safe and to use difficult passwords. I actually use various passwords, codes and difficult algorithms.
June 16th, 2008 at 12:39 pm
Years ago I had a website that generated a password for you and wouldn’t let you set your own. So I had to memorize a 6 digit long random number and letters (with varying case) password. Since then, I just use variations of it. A great password, and I have little fear of it being cracked because it’s truly random.
June 16th, 2008 at 6:48 pm
one more small tip
DO NOT trust on a pwd chker please..
who knows..!!
it is always better to be on the better side and check your passwords yourself.
As a default tell yourself that your password will always be 15 characters with 5 special characters and 5 numbers plus 2 uppercase letters
so now who is cracking…
June 16th, 2008 at 10:57 pm
For those of you that are concerned about security on your sites and computers I recommend the CompTIA Security+ certification. It is a good course that will provide you with a lot of good information about IT security. When I create new passwords I ensure the new password contains upper-case, lower-case, numbers, and special characters (like *) and are at least 8 characters long. These types of passwords are much less likely to be cracked by a brute force attack. Hope that helps.
June 17th, 2008 at 8:14 am
Great post. I usually follow this advice: longer pass is better. Never had problem with passwords but you never know…
June 17th, 2008 at 9:41 am
Thanks for the nice post and the explanation. I use a password length between 12 and 15 for all my passwords and a combination of numbers, uppercase symbols, lowercase symbols and other symbols. In order to make your password very strong against cracking, you have to use all the combinations of numbers, letters, signs and symbols on your keyboard.
If you cannot come up with a strong password, it is better to install a password generator; with a click, you will have a strong password.
June 17th, 2008 at 9:56 pm
Everything can really happen here online. No matter how secure the passwords you use to protect your business, there are still people who are challenged to take the chance of cracking them, and for them it is a great achievement.
There is also a chance that people have the same password; it is better to keep several strong passwords for the accounts you have online, so that if one is cracked, the other accounts will still be safe.
June 19th, 2008 at 3:40 pm
Here’s a simple trick to create long, ‘uncrackable’ passwords that are easy to remember:
Take a short phrase that has meaning for you:
‘Climb every mountain’
Modify it like this:
Cl1mb3v3ryM0unta1n
See what I did? Replaced an o with 0, i with 1 and e with 3 (and S with a 5, if you like).
Result:
A memorable password, that’s hard to crack.
June 20th, 2008 at 10:14 am
Great tips and thank you for the tool. I checked my passwords and they are good. I do need to start changing them every so often but I have so many places that I think I would get confused. I will try though so I don’t get hacked. Thanks for the tips.
August 17th, 2008 at 10:33 pm
A password is meant to protect every piece of confidential information that you wouldn’t want leaked to the public. So it is definitely a must to create a much stronger password, unless you aren’t afraid of hackers.