Tuesday, September 16, 2014

Gibson Research on Password Strength




In the past few days I have had some questions about passwords, and I came across a great article about relative password strength with an accompanying Interactive Brute Force Password “Search Space” Calculator. This tool lets you see how tough your password is to crack if someone attempted to gain access to your account completely blind.

The bottom line is that both character variety and length are important when creating a password. All those websites that force users to use "one capital letter, one number, one symbol" are definitely on to something, because it makes your password that much more difficult to crack when the attacker is guessing blind. Password length also has a much bigger impact than you may realize.

For example, using the calculator, we can see that an 8-character password using at least one of each character type would take about 18 hours to crack in an offline best-case scenario, but if you add just one more letter, that becomes two and a half months, and with one more letter than that, the time to break becomes roughly 19 years! The article talks about a technique called "padding", where you simply add a string of easy-to-remember characters to an already easy-to-remember password to create a secure password.
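To see where those figures come from, here is a small search-space calculation written for this post as an added example; it is not the calculator's own code. The character-class sizes (26 + 26 + 10 + 33) and the offline rate of 100 billion guesses per second are assumptions, and the sample passwords are constructed.

```python
import string

# Assumptions (not stated on the page): printable-ASCII class sizes and an
# offline attacker testing 100 billion guesses per second.
CLASSES = {
    "lower": set(string.ascii_lowercase),      # 26 characters
    "upper": set(string.ascii_uppercase),      # 26 characters
    "digit": set(string.digits),               # 10 characters
    "symbol": set(string.punctuation + " "),   # 33 characters
}
OFFLINE_GUESSES_PER_SECOND = 10**11
UNITS = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("seconds", 1))


def alphabet_size(password):
    """Total size of every character class the password draws from."""
    used = set(password)
    return sum(len(chars) for chars in CLASSES.values() if chars & used)


def search_space(password):
    """Number of strings of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size**k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, rate=OFFLINE_GUESSES_PER_SECOND):
    """Worst-case time for a blind search that knows nothing about the password."""
    return search_space(password) / rate


def humanize(seconds):
    """Express a duration in the largest unit that fits."""
    for name, span in UNITS:
        if seconds >= span:
            return f"{seconds / span:.1f} {name}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # Constructed sample passwords: 8, 9 and 10 characters using all four
    # classes, then a short password padded with a repeated character.
    for pw in ("Tr0ub4d!", "Tr0ub4d!x", "Tr0ub4d!xy", "Cat7" + "!" * 12):
        print(f"{pw!r:20} alphabet={alphabet_size(pw):3} "
              f"time={humanize(seconds_to_exhaust(pw))}")
```

These numbers only model a blind exhaustive search, as described above; they say nothing about guesses informed by word lists or reused passwords.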


Trying out some passwords on this calculator and having this discussion in the classroom could be useful for upper intermediate students who may start (or have already started) creating their own online accounts sometime in the near future.
