Password Security is Becoming More Important

I saw a very interesting post on a friend's Facebook wall recently which I felt I had to investigate further. We all need passwords for access to so many different websites these days and managing them is becoming a nightmare. As a Nottingham Web Designer, I have to manage many more than the average user.

Every website we go to has different rules as to how secure the password must be and we are always being told to add upper and lower case letters, numbers and symbols. A new method of generating secure passwords that would be easy to remember would be a wonderful thing and this is what I saw:

 

This is an attractive proposition. Your password is not only easier to remember but also more difficult to track. But is it true? Not everyone agrees. But neither does anyone truly explain their reasonings behind the calculations. So I thought I would put on my mathematical hat and do my own analysis of this.

Password Entropy - Entro-what?

Password Entropy is a posh way of calculating the maximum number of guesses that would have to be made in order to be sure of coming up with somebody's password. So if a password consisted of one lower case letter then you would have to guess up to 26 times in order to cover all possible combinations. Increase this to upper and lower case letters and the number of guesses doubles to 52. Add numbers and symbols and the number increases to 95. A lot of guesses to you and me but not many guesses to a computer.

Increasing your password length to two increases the guesses required exponentially. A two-character password that consists of lower case letters only would add 676 (26 x 26) more guesses. So let us take this calculation much further, Most passwords are six characters long. This is how many guesses would have to be made to cover all possible combinations:

  • All lower case: 321 million
  • Mix of lower and upper case: 20 billion
  • Mix of lower case, upper case and numbers: 57 billion
  • Mix of any character on the keyboard: 742 billion

It is clear from this list how much safer it becomes when you mix other characters into your password. But what about the example above? Let us consider the password correcthorsebatterystaple. In theory, it would take something like 0.246 billion billion billion billion guesses. So it looks like they are right.

But hold on, most computer programs that try and guess passwords do not do it letter by letter. They use dictionaries of popular words to guess passwords. If all 4 words were in these dictionaries then they might only have to guess 2000 times for each word which is a total of 16,000 billion times. This may sound like a lot but if a computer network went to work on this it could guess this in less than a minute!

So How Can I Make a Truly Safe and Memorable Password?

I believe you should use a combination of both techniques with perhaps more emphasis on the length of the password than the mixture of symbols. You can increase the safety of the method above by following these rules:

  • Use obscure words
  • Use foreign words
  • Use local slang
  • Mis-spell the words but not in an obvious way
  • Add in some meaningful numbers in the middle
  • Add some unusual symbols that are easy to remember

For example, using the above example, we could come up with COrrect9hORse8baTTery7staPLe*$

I capitalised the first and second letters of the first word, the second and third of the second word and so on. I counted down from 9 and inserted numbers inbetween each word and added a star and a dollar sign onto the end (this could have been at the beginning or middle). To guess this without a dictionary would take billions of centuries to calculate with a network of computers that could make 100,000 billion guesses per second. But even with a dictionary, it would still take many years to calculate and if  instead of using those four words I cam up with my own such as "obtuse chargement seconded wisecrack"  I multiply the effort required even more.

Conclusion

Password security has never been more important. They are cracked constantly and you are becoming more and more at risk of having your access to some websites being hacked. So think carefully the next time you choose a password. With a small bit of effort you could be saving yourself a whole lot of grief.

More Articles

Subscribe to Net Quality's RSS feed

Web Design XML RSS Feed
Call us on 0115 963 6589
0115 727 0345
LiveZilla Live Help