Brian Shrader's Siteseeing Blog

Password security

Posted May 2, 2011

If you'd like to get your week off to an unsettling start, check out How Secure Is My Password?, a site that estimates how long it would take a desktop computer to crack a password.  Don't worry, it's safe to use.  No data gets transferred.

Imagine my surprise as I discovered one of my favorite "secure" passwords would take about 3 hours to crack.  Fortunately, I was able to create one (that I could remember) which would take 2 quintillion years.


  • ken7 May 2, 2011

    The biggest strength checker weakness is not doing dictionary checks. Brontosauruses is a common password, and the program said it would take about 8,000 years. In reality, it may take minutes, so keep that in mind.

    There’s a lot more to good password management than passing a strength meter. You need a system where you can make strong passwords with site codes and expiration dates built into them. You need to use a short list of formulas based on the site risk level. It’s a good idea to write these down, but not keep them electronically unless you use a shorthand and encrypt your electronic copies.

    Ken Klein
    Author, Healthy Passwords

  • ken7 May 2, 2011

    Several people commented on the trustworthiness of this site. On WOT several people checked the code and found nothing but local calculations.

    Several people commented on their password taking hundred+ of years to crack. You only need to be sloppy on one machine with a keystroke logger to lose your password in 30 seconds.

    Someone commented on Gmail being stronger than a bank and that being a mixed up priority. I used to think the same thing. Think about this though: If your gmail is the primary email used for password resets, it may hold the key to a lot more than your bank.

    Someone commented on the plausibility of someone having unlimited access and attempts to try a password. Most cracking programs don’t try to crack the actual site, they try to crack an encrypted copy stolen from a list or cached somewhere on your computer.

    Ken Klein
    Author, Healthy Passwords

  • sat123 May 2, 2011

    My email password would take 53 quintillion years. :) It's (counts) 21 characters though. People always gasp in horror at my password length.

  • Jammer512 May 2, 2011

    Happy I think it is the way we work, the more important the easier we want the password.

  • 23tony May 2, 2011

    just about any combination of 8 numbers & lowercase letters comes back with 3 hours. Of course, that's assuming the "PC" in question has unlimited access to make unlimited attempts at logging in to your account.

    Add one character, it goes up to 4 days. Use uppercase, lowercase, and numbers, 8 characters long, you get 10 days. Add in symbols (@#$!, etc) and make it longer, and the time goes way up.

    &T#!$ismyPA55w*rd gives me 9 quadrillion years.

  • tobywilliamson58 May 2, 2011

    great, now this guy has my passwords. i just gave him a head start, huh? won't thinkin!

  • 3stoogesfan May 2, 2011

    That was interesting. I think I need to work on all my passwords.

  • happy2.0 May 2, 2011

    Good to know. I need to change my bank password since it only takes 4 hours to crack...yet my gmail takes 713 years. Apparently, my priorities are messed up!
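
The arithmetic behind the figures quoted in the comments above, as an added example (not the site's code and not part of the original post or comments): a naive keyspace meter next to the dictionary check ken7 describes. The guess rate is an assumption calibrated from 23tony's "3 hours" figure; the wordlist, the dictionary size and all function names are constructed for illustration.

```python
import string

# Assumption: a guess rate chosen so that 8 characters of lowercase+digits
# (36**8 candidates) take 3 hours, the figure 23tony quotes.
GUESSES_PER_SECOND = 36**8 / (3 * 3600)

# Constructed sample wordlist; real cracking dictionaries are far larger.
WORDLIST = {"password", "dragon", "monkey", "brontosaurus", "brontosauruses"}
# Assumption: candidates an attacker's wordlist plus mangling rules would cover.
DICTIONARY_CANDIDATES = 1_000_000_000

# Characters outside these four classes are ignored by this simple meter.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Alphabet size a naive meter infers from the character classes present."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_seconds(password):
    """Time to exhaust every string of this length over the inferred alphabet."""
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND

def dictionary_seconds(password):
    """Time to run the whole assumed dictionary, or None if the word is not in it."""
    if password.lower() in WORDLIST:
        return DICTIONARY_CANDIDATES / GUESSES_PER_SECOND
    return None

def estimate_seconds(password):
    """Meter with a dictionary check: report the cheaper of the two attacks."""
    candidates = [brute_force_seconds(password)]
    hit = dictionary_seconds(password)
    if hit is not None:
        candidates.append(hit)
    return min(candidates)

def humanize(seconds):
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    for pw in ("a1b2c3d4", "a1b2c3d4e", "aB3dE6gH", "brontosauruses"):
        print(f"{pw:16} naive: {humanize(brute_force_seconds(pw)):>14}   "
              f"with dictionary check: {humanize(estimate_seconds(pw))}")
```

Under these assumptions the naive estimate for lowercase "brontosauruses" comes out near 8,000 years, while the dictionary check reports seconds.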

About this Blog:

WRAL's Brian Shrader blogs about cool video clips and other interesting Web sites. If you have any video you would like to share, please let us know.