For about a month, someone has been regularly attempting to hack my personal Google account. I can’t do anything to prevent them from trying to hack my Google account. My only defense is to have a good password.
To help me select a strong password, I found a handy website that estimates how long it would take for an average desktop computer to crack a password. It’s called www.howsecureismypassword.net.
How secure is my password?
I’m a system administrator and have a habit of maintaining strong passwords. Checking the strength of my Google password, I found it would take 238 quadrillion years for the average desktop computer to crack. Take that you nefarious Google-account hacker!
How secure are most user passwords?
Curious, I decided to running some tests on other passwords using this tool. These tests slowly increased complexity and length.
- 0.0456976 seconds to crack “easy” (4 characters)
- 10 seconds to crack “12340987” (8 numeric characters)
- 13 minutes to crack “abcdefg” (8 lowercase characters)
- 61 days to crack “AbcdEfgh” (8 mixed-case characters)
- 252 days to crack “Abcd1234” (8 mixed-case alphanumeric characters)
- 3 years to crack “Abc123!@” (8 C0mp!ex characters)
- 17 thousand years to crack “Abcd1234!@” (10 C0mp!ex characters)
- 100 million years to crack “Abcd1234!@#$” (12 C0mp!ex characters)
- 42 trillion years to crack “Abcde12345!@#$%” (15 C0mp!ex characters)
Length Matters (at little cost)
Although complex characters help, password length provides the most value at very little cost (the time it takes for me to type a few more characters).
Let’s say that my password is 15 characters long, that I type 240 characters a minute (4 characters per second), and that I type my password 10 times a day. Knowing this, I can calculate that …
- An 8 character C0mp!ex password would require 20 seconds of my time per day and would take 3 years to crack
- A 12 character C0mp!ex password would require 30 seconds of my time per day and would take 100 million years to crack
- A 16 character C0mp!ex password would require 40 seconds of my time per day and would take 3 quadrillion years to crack
Increasing a 15-character password to 16 characters would require 2.99800 × 1015 more years to crack.
How easy is it to crack most user passwords?
It’s rather easy if you have physical access to their computer. Tools like Ophcrack come as a live Linux CD with prepopulated rainbow tables and can crack user passwords without even installing any software.
Lesson
Add some complexity and length to your password to greatly improve its strength and the security of the systems your password is designed to protect.