Everyone knows what a password is and what it does. But how secure is your password, really? If an attacker tries to hack your account, how long will it hold down the fort? How can you increase password security? Let’s find out!
What Is a Strong Password?
A strong password is one that cannot be guessed or cracked, or at least not easily. Hackers use computer programs to try various combinations of letters, numbers, and symbols to work out the correct password. It takes an average computer less than a second to guess a 6-10 digit password made up of numbers and letters only.
A strong password combines different techniques to increase the number of possible combinations. It does this by mixing uppercase letters, lowercase letters, symbols or punctuation marks, and numbers. The minimum length of a strong password is 12 characters. However, it is recommended to aim for more characters. Not repeating passwords across multiple accounts also increases password security.
The main characteristics of a secure password are –
- At least 12 characters long (the longer your password, the more secure).
- Uses uppercase and lowercase letters (at least one and preferably more), numbers, and special symbols. Mixing character types increases the number of combinations, which makes the password harder to crack.
- Does not contain guessable keyboard patterns.
- Does not include personal information such as birthdays, initials, etc.
- Password is not repeated in multiple accounts.
How Do Hackers Guess Your Password?
In this technique, hackers study you intensely to squeeze out as much personal information as they can. Then they try to guess your password based on your behavioral clues and psychological analysis. They can also use sophisticated programs to catch that one vulnerability to peek into all of your data.
Dictionary-based attacks try to uncover a pattern to guess a password even if you pick it out “randomly.” For example, most people use tricks to remember their passwords, so they somehow correlate them with some of their personal data. Hackers basically reverse-engineer your thought process to unveil your password.
Phishing is one of the most commonly used ways to crack passwords. Similar to “fishing,” hackers use baits to lure you into sharing personal data with them. Phishing emails or messages pretending to be from a trusted source are the most common way of phishing passwords.
Shoulder surfing is more of an analog method where attackers stalk you in real life and try to see your password when you type it. Medium-sized and large businesses are the most frequent targets of this method. People working remotely in public places are also common targets for shoulder surfing.
How Long Will It Take to Guess a Password?
Modern computer hardware can guess 100,000,000 passwords/sec using readily available GPUs. The co-processors in these computers can do intensive calculations for cracking passwords. These systems can come as cheap as $2 per hour from Amazon.
How long it will take to guess your password depends on your password strength. A password of four or five characters can be hacked almost instantly. A password of only numbers, up to 18 characters long, could take a hacker up to nine months to crack. The time needed to work out a password increases almost exponentially with the number of combinations and the length. You can create a secure password with only 18 lowercase letters that has a cracking time of 23 million years. On the other hand, if you use a combination of numbers, uppercase letters, lowercase letters, and symbols, you can create a password that will take 2 million years to guess with just 13 characters.
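The sketch below is an added example, not code from the article or from any tool it mentions. It checks a password against the characteristics listed earlier and estimates the worst-case exhaustive-search time at the 100,000,000 guesses/sec rate quoted above. The function names and the short keyboard-pattern list are assumptions made for illustration, and the absolute times depend entirely on the assumed guess rate, so they will differ from other calculators' figures.

```python
import string

GUESSES_PER_SEC = 100_000_000  # guess rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed sample of keyboard runs; a real checker would use a larger list.
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "qazwsx")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the alphabet an exhaustive search would have to cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes: count each distinct one.
    others = {c for c in password if not any(c in cls for cls in CLASSES)}
    return size + len(others)


def worst_case_years(password, rate=GUESSES_PER_SEC):
    """Years needed to try every password of this length and alphabet."""
    return charset_size(password) ** len(password) / rate / SECONDS_PER_YEAR


def check_password(password, personal_info=()):
    """Return the article's criteria that the password fails (empty = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character class")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("contains a keyboard pattern")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the personal details are hypothetical.
    samples = [("Qwerty123456", ()), ("alice1990", ("Alice", "1990")),
               ("X5j13$#eCM1cG@Kdc", ())]
    for pw, info in samples:
        print(pw, check_password(pw, info), f"{worst_case_years(pw):.3g} years")
```

Reuse across accounts cannot be checked from the password alone, so that criterion is left out; the time returned is the full search space, and the average case is half of it.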
What Does a Strong Password Look Like?
As mentioned previously, a strong password uses different types of character combinations and consists of more than 12 characters. We have found some of the most robust passwords, according to experts, and checked how long it would take for a computer to guess them. We also checked the cracking time for some of the easiest passwords for reference. We used Security.org to test out the strength of the passwords.
Here is what we found –
| Password | The time needed to crack the password |
|---|---|
| X5j13$#eCM1cG@Kdc | 93 trillion years |
| %j8kr^Zfpr!Kf#ZjnGb$ | 42 quintillion years |
| PkxgbEM%@hdBnub4T | 93 trillion years |
| vUUN7E@!2v5TtJSyZ | 93 trillion years |
Even though the numbers on this table are an approximation, and hackers can use different techniques to eliminate up to 90% of combinations to reduce the time, a strong password will still hold up against common attacks.
However, it is essential to keep in mind that a strong password does not guarantee your safety on the Internet. Phishing attacks can still lure you into providing sensitive data to the attacker. Attackers can also install malware to steal private data from your devices.
So, how do phishing attacks occur? Through spam emails.
Spammers usually get your email address when it’s visible on the web, either on social networking sites or from other spam lists. If they don’t know your email address, they cannot spam you; it is as simple as that. To prevent phishing attacks and spam, the first thing you need to do is keep your email address out of the attacker’s reach.
To check your email address visibility, go to Sniff Email — an online platform dedicated to finding out if your email address exists on the Internet. Enter your email address in the search field and click fetch to find out if your email address exists on the web within a few seconds. Based on the results, you can take appropriate action to remove it to stay safe.