I did the password tester and one that I thought of as difficult said 10 days to crack; the one that I thought less difficult said 1000 years. Mind you, 10 days is good enough. Surely anyone would have given up by then to see the boring stuff on my work PC, and if they want to spend 10 days solid then they deserve a look for their efforts. They may die of boredom though.
I varied my password so did not use my actual password and it came out at 90,000,000,000,000,000,000,000,000 years
If someone is trying to crack your password, it's not a human sitting there, so 10 days is nothing.
I played about and got it up to
11,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years
I have always wondered... Surely the websites we sign up to know our passwords? Or do they? I don't know how this works
Do the owners of DS know my DS password?
I'm not very tech savvy in case you can't tell!
I've known people have EverQuest / WOW accounts hacked and they swear they used a unique password, on further probing it would turn out they used a 'unique' password for the game and all other websites/forums they use associated with that game. doh!
Game over ...
In theory, a well behaved website won't store your password, it will store an encrypted 'hash' based on your username (stored) password (not stored) and another piece of information (same for all users) that only the site owner knows. Logins are then validated by rehashing the info and seeing if you get a match.
Personally I usually avoid any site that is capable of sending you a password reminder (e.g. via email) rather than generating a new password for you, as this is a tell-tale sign that they store your password.
I also use a unique password for every website. These are generated using a highly modified version of this - http://angel.net/~nic/passwd.current.html - a SHA-1 hash generated from a master password and the name of whatever site I'm using. For ease of access I've downloaded a copy of the page to my mobile.
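A sketch of the kind of storage the post above describes, added here as an example and not taken from any site's real code. It assumes a random per-user salt and PBKDF2-HMAC-SHA256 with an assumed iteration count; the function names are hypothetical. The record holds nothing a "password reminder" could be built from, so the only recovery path is issuing a new password.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example

def make_record(password):
    """Build what the site stores: salt, work factor and derived digest, never the password."""
    salt = secrets.token_bytes(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "digest": digest.hex()}

def verify(password, record):
    """Re-derive the digest from the login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))

def reset_password(records, user):
    """The only recovery a hash-storing site can offer: replace the record with a new one."""
    new_password = secrets.token_urlsafe(12)
    records[user] = make_record(new_password)
    return new_password

if __name__ == "__main__":
    # Constructed sample accounts: two users who happen to pick the same password.
    records = {"alice": make_record("sohereitis"), "bob": make_record("sohereitis")}
    print(records["alice"]["digest"] != records["bob"]["digest"])  # salts make the records differ
    print(verify("sohereitis", records["alice"]), verify("wrong guess", records["alice"]))
    fresh = reset_password(records, "alice")
    print(verify(fresh, records["alice"]), verify("sohereitis", records["alice"]))
```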
I doubt it. They have better things to do than guess my passwords
Most of my classmates don't even know this site exists so I think I'm safe
The thing is, people could still work your password out, just from the info you've given here. To test the theory, I've looked at your posting history, and from info related to your location and the courses you take, I think I have a fair idea of what uni you're at, and what L.A. stands for.
If I really wanted to, I could ring the uni tomorrow and ask what room she's in...... And I'd have your password.
Mostly, if it's not in its database, it just works out how many permutations the length of your password has, and how long it would take a PC to go through all combinations at millions per second.
Yep, it's pathetic.
I entered 1234567890 and it said "instantly".
So I repeated it, 3 more times (40 characters). It said 79 sextillion years.
Nonsense! and Pathetic. I'm not giving *any* clues as to how I create and remember my most important passwords except to say that none are written down and none ever have been. The rest are simpler but I don't care about those sites being cracked. A keylogger will usually get you anyway, whatever your password is, so computer security is the most important thing.
But when I am older and senile and forget them all, my family will have to get the sites to generate new passwords or, in most cases, just ignore the sites for ever. DS would be one of them, I suspect!
People are getting hung up on this daft password site. The main thing is that you don't choose a password of something obviously dear to you like dog/car/football team/wife or super lazy like 123456 (I foiled them by writing it backwards).
As long as you do that, anybody interested in your data would do much better to install malware on your computer, rifle your desk for password reminders or simply spy on you. Your favourite email or ecommerce site is simply not going to let them try a million password combinations.
Mostly, if it's not in its database, it just works out how many permutations the length of your password has, and how long it would take a PC to go through all combinations at millions per second.
In reality of course it would need to submit each one to the software, web-site, encryption program etc, which will not allow so many attempts and will not be that fast.
Also, if you use only lower or upper-case letters, it only allows 26 possibilities for each character when it works out how long to try all combinations. But use both, and/or include digits, it increases the number. Of course the cracker will not know what you've used and so will need to try all possible characters anyway (A..Z, a..z, 0..9, symbols and odd characters).
Something it does show is that using a slightly longer password, even using only lower-case letters, gives you just as secure a password (in terms of possible permutations) as a shorter one that uses mixed case, digits and symbols, but that could be a nightmare to remember. But often you aren't given a choice.
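The length-based estimate described in the post above, next to a guesser that knows about repetition. This is an added example, not the tester site's code: the guess rate is an assumption (at 4 billion guesses per second the naive figure for 1234567890 typed four times comes out near the 79 sextillion years quoted in the thread), and the COMMON list and function names are constructed for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 4e9  # assumed attacker speed, not a figure stated in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600
COMMON = ["123456", "password", "1234567890", "qwerty"]  # constructed stand-in for a leaked-password list

def alphabet_size(password):
    """Pool size implied by the character classes present (26 + 26 + 10 + 32)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 32
    return size

def naive_keyspace(password):
    """What a length-based tester counts: pool size to the power of the length."""
    return alphabet_size(password) ** len(password)

def smallest_repeating_unit(password):
    """Shortest prefix that rebuilds the whole password when repeated."""
    n = len(password)
    for size in range(1, n + 1):
        if n % size == 0 and password[:size] * (n // size) == password:
            return password[:size]
    return password

def pattern_aware_guesses(password, max_repeats=256):
    """Upper bound when every candidate unit is tried repeated 1..max_repeats times."""
    unit = smallest_repeating_unit(password)
    if len(password) // max(len(unit), 1) > max_repeats:
        return naive_keyspace(password)
    base = len(COMMON) if unit in COMMON else naive_keyspace(unit)
    return min(base * max_repeats, naive_keyspace(password))

def years_to_search(guesses):
    """Time to exhaust the given number of guesses at the assumed rate."""
    try:
        return guesses / GUESSES_PER_SECOND / SECONDS_PER_YEAR
    except OverflowError:  # count exceeds float range, so report infinity
        return math.inf
```

With these assumptions, 14 lower-case letters have a larger naive keyspace than 10 characters drawn from all four classes, while 'a' typed 220 times is naively "infinite" yet needs at most 6,656 guesses from the repetition-aware guesser.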
.......if nothing else, the ‘password tester’ site has made a lot of people on here re-evaluate ALL aspects of their password/internet security.
Sohereitismerrychristmaseverybodieshavingfun would take A quattuordecillion years to crack.
However if you guessed the first few words surely it would become fairly obvious. Therefore the actual strength would be that of sohereitis which would only take 9 hours to crack
word association and all that
How would you know if you had correctly guessed the first few words?
When entering a password, you will be told if it is correct or not, it does not let you know if it is partially correct.
However, if someone who was trying to guess your password knew that you were a Slade fan, then this password would be a lot less secure than that password checker website suggests.
Think that website estimates the time it would take to crack a password using the brute-force technique, which grows exponentially with increasing key size. It would be a lot quicker going through likely segments of Slade's song lyrics.
Could you not just have a complex password saved in a word program ready to cut and paste? SWIM does this.
You could but it's not very secure, if someone gained access to your device they will have access to your passwords.
I recommend using a password manager, which stores your passwords securely. The one I use automatically fills in my login details for sites which have been previously stored, so I don't need to remember any of my passwords (apart from the one to access the password manager itself)
Yes but Sohereitismerrychristmaseverybodiesh@vingfun might not be so easy.
That would take a vigintillion years to crack. That is my first new word of the day. I have never seen it before.
It is 10^63 apparently. I probably would be dead by then
It's all down to the crappiness of password policies set by IT departments, usually dictated by managers who are too thick to understand security or remember passwords.
At my place, the enterprise password (for Windows and intranet services) has a policy of the following:
Password must be changed every three months.
Password must contain at least ten characters
Minimum of two uppercase letters
Minimum of two lower case letters
Minimum of two numerals
Minimum of two non-alphanumeric characters
No words or substrings of words from its dictionary.
And writing down your password is a dismissible offence.
At my place, the enterprise password (for Windows and intranet services) has a policy of the following:
Password must be changed every three months.
Password must contain at least ten characters
Minimum of two uppercase letters
Minimum of two lower case letters
Minimum of two numerals
Minimum of two non-alphanumeric characters
No words or substrings of words from its dictionary.
Which actually could speed up a brute-force search because all combinations that don't meet those criteria can be dismissed!
It's also possible to use the approach I suggested earlier which is a fixed prefix or suffix that satisfies the requirements, followed by a nice, easy password of your choice. Eg: AAbb11**john. Next quarter it can be AAbb11**nhoj.
(Depending on its dictionary rules otherwise you might need to do AAbb11**j-o-h-n.)
And writing down your password is a dismissible offence.
Store it in an encrypted file that no-one else can access. The password for that can be what you like.
Comments
I played about and got it up to
11,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years
but it would be impossible to remember
I managed to get 'Infinity years'. Not too hard to remember either: just typing 'a' 220 times.
It really would be impossible considering you can't have characters that long for passwords. Lol
.......if nothing else, the ‘password tester’ site has made a lot of people on here re-evaluate ALL aspects of their password/internet security.
....which can only be a good thing.
The password
Sohereitismerrychristmaseverybodieshavingfun would take A quattuordecillion years to crack.
I could never type that in without getting it wrong.
Dwfw#+$1$34ade11xaEwfwd£$×:;!wg1gzZ$×$"1Eqwrr3AFwfDTgqi
Nobody would be able to successfully hack this type of password.
Copy and paste.
I think it just goes by how many characters are used. I managed to get to infinity.