By now, most people are aware of the concept – and the importance – of having strong passwords. Generally, a strong password is one that is difficult for an individual to guess or a system to crack. Security breaches are all too common, and a corporate breach is a big problem because confidential client information can be exposed and obtained.
One of the bigger challenges is how to make passwords stronger without making them more difficult to remember.
Intel has a website where you can enter a password and it will estimate how long the password would take to crack, given its complexity.
In a simple case, take the password Twinkletoes76. Many would think that this is moderately strong, as it's not a dictionary term and the numbers at the end add to the complexity. The Intel webpage (http://www.intel.com/content/www/us/en/security/passwordwin.html) estimates that this password would take 0.007 seconds for an automated system to crack.
Please note that the password(s) that you enter are not sent to their servers or stored online anywhere; the calculations are done strictly in your local browser. Still, they recommend making slight changes to your password for safety's sake.
The next approach in password generation is to substitute special characters for some of the alphabetic characters in the password. Using the same base password as above, simply change the letter i to the number 1 and the l to an exclamation mark. The new password, Tw1nk!etoes76, suddenly becomes much more secure: it would take a week to crack.
Here is where it gets fun.
A special character can also be inserted into the password; this does not make it much more difficult to remember, but it significantly improves the strength. By placing an @ between the first and second characters, so that the password is now T@w1nk!letoes76, the estimate is that it would take 1 year to guess the password.
Finally, to supersize the strength, just repeat that newly inserted special character one or more times, so that the password is now either T@@w1nk!etoes76 or T@@@w1nk!etoes76 (with 2 or 3 @ signs respectively). The estimates increase to 33 years for the former and 1,076 years for the latter!
In terms of memorization, it's no harder for a human to remember the very last password than the original. Cognitively, we recognize that it's still twinkletoes76, with character substitution for the i and the l and with 3 @ signs added to the string.
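An estimator of the kind described above can be sketched as follows. This is an added example, not Intel's code and not part of the original post; the guess rate, the substitution table and the one-word list are assumptions, so its figures will not match the ones quoted. It also shows the caveat a defender should keep in mind: a pool-and-length estimate treats every character as random, while all of these passwords still reduce to the same base word.

```javascript
// Added example: naive brute-force estimate next to a pattern-aware check.
const GUESSES_PER_SECOND = 1e10;              // assumption: attacker guess rate
const BASE_WORDS = new Set(["twinkletoes"]);  // constructed stand-in for a wordlist
const LEET = { "1": "i", "!": "l", "0": "o", "3": "e", "$": "s" }; // assumed table

// Character pool implied by the classes present in the password.
function poolSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/[0-9]/.test(pw)) n += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) n += 33;       // printable ASCII symbols and space
  return n;
}

// Seconds to exhaust the keyspace if every character were chosen at random.
function bruteForceSeconds(pw) {
  return Math.pow(poolSize(pw), pw.length) / GUESSES_PER_SECOND;
}

// Undo the memorable transformations: case, trailing digits,
// look-alike substitutions, inserted symbols.
function normalize(pw) {
  return pw.toLowerCase()
    .replace(/\d+$/, "")
    .replace(/[1!03$]/g, c => LEET[c])
    .replace(/[^a-z]/g, "");
}

// True when the password is a known word underneath its decorations.
function reducesToBaseWord(pw) {
  return BASE_WORDS.has(normalize(pw));
}

// Passwords taken from the text above.
const samples = ["Twinkletoes76", "Tw1nk!etoes76", "T@@w1nk!etoes76", "T@@@w1nk!etoes76"];
for (const pw of samples) {
  const years = bruteForceSeconds(pw) / (365.25 * 24 * 3600);
  console.log(pw.padEnd(18), "pool", poolSize(pw), "len", pw.length,
    "naive years", years.toExponential(2), "base word:", reducesToBaseWord(pw));
}
```

The naive figure climbs with every added symbol, but the last column stays true for all four passwords, which is why a strength meter should also score the password by what it reduces to.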