Web Watch has covered password hacks like the recent ones at LinkedIn, eHarmony, Last.fm, and others.
We’ll start with the standard recommendation: if you’ve been using one of those sites Web Watch just mentioned, please go and change your password immediately. It’s okay… we’ll wait.
And you’re back…
As a reminder, some of the password suggestions we’ve made in the past can be found here:
and there are others.
So since we’ve already talked about the things that you should do to change your password and how to make a nice strong password, the next question to ask is whether the password you’ve selected is actually strong and unique enough to avoid being hacked.
So let’s take a look at some statistics about how long it can take computer hackers to break your password.
Let’s start with the simple: a 6-character password using just the alphabet and numbers can take almost one month to be hacked using a slow hacker method. A fast hacker method? You won’t even have time to blink – literally.
Making it a 10-character password with just the alphabet and numbers? About the same amount of time: a bit less than a month, or as quick as less than a minute, depending on the methods used.
Add a non-alphanumeric character to the mix, and you’re looking at a hack timeframe of over 200 years for a 6-character slow hack (or a 2 minute fast hack).
Make that password have 10 characters that include a symbol? That hacker needs to work their butt off to guess your password: using a slow hacking method, they’ll need to have a few million years available… but still almost three weeks to hack it using super-computers.
If a hacker is going to spend 3 weeks trying to hack your 10-character password, you better be either super important, super famous, or super rich to garner their attention over more vulnerable targets.
So how can you determine how secure your password is yourself? Just visit the GRC PASSWORD CHECKER and enter your password to find out.
Now, we know you’re thinking to yourself: why should I go to some random website and type in my password?
You’re right – you shouldn’t do that.
But you can certainly fake your password by using different letters than what your real password is. Instead of typing the number “2”, why not type the number “3” or “4”?
Web Watch has used many of the tools on the Gibson Research website in the past – they’re one of the good guys, always looking out for ways to improve your computing life. When they say that they don’t record or retain the password you type — everything stays directly in the browser — they mean it.
So let’s take a look at what a non-hackable password could be. We’ll try something easy and just made-up, like this: IReadWebWatchOn6/9
- It’s longer than 10 characters – longer passwords are infinitely more difficult to crack
- It has a combination of upper- and lower-case letters, numbers, and it has a symbol
There are over 4.01 x 1035 different combinations at play here. Yes, that’s a lot of zeros in that number.
Using the fastest, most technically advanced hacking method possible, it will still take 1.28 trillion centuries to hack that password.
Of course, if the site you’re using gets broken into and has all of their password files stolen – you’ll still have to change your password. But if you’re trying to protect your own data, going long and hard is your best bet.