Passwords: a false sense of security

The next time you are forced to create a password, with combinations of uppercase and lowercase letters, numbers and symbols, do not think that you are safe.

Randy Abrams, senior security analyst at Webroot, did some simple tests. He counted all the possible passwords you can create with eight characters containing numbers, uppercase and lowercase letters, and symbols.

He found that 95^8 possible combinations can be made (26 uppercase + 26 lowercase + 10 numbers + 33 symbols = 95 characters), which is 6,634,204,312,890,625 passwords.

Suppose now that someone is trying to find your password with a typical brute-force attack, and that they can try about 31 billion passwords per second. Breaking the password described above then takes a maximum of 212,903 seconds, or 3,548 minutes, or about two and a half days.

Now, let's talk about restrictions. Suppose a service you are using requires an eight-character code.

Abrams reports that there are 70.6 trillion with 8 letters. This saves the brute-force attack 2,277 seconds, or almost 38 minutes.

But what if, in the name of security, you use an eight-character password (so you can remember it) and a service forces you to use only capital letters and symbols? Is that a more complex password, one that makes things harder for the cracker? Not exactly.

As Abrams mentions, you've simply cut 18.5 percent from the pool of potential passwords. So in two days, the attack will discover your password.

If a service requires you to add a number to this password, you have cut the potential passwords to 41 percent. So the attack will last 34 hours, or a day and a half.

 

Abrams states that it is much better to choose a longer password:

Each additional character in a password effectively increases the pool of passwords. There are 6.5 million times more word combinations with 16 lowercase characters than there are eight character codes using all four character sets. This means 'toodlesmypoodles' is much harder to crack than 'I81B@gle'.

Of course, after all of the above, you understand the value of using two-factor authentication (2FA).
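
The counts behind these figures can be reproduced with inclusion-exclusion over the four character classes. This is an added example, not code from Abrams or from the original article; the function names are illustrative, and it assumes the 18.5 percent figure corresponds to requiring uppercase, lowercase and a symbol, the 41 percent figure to requiring a digit, and the 70.6 trillion figure to passwords shorter than eight characters.

```python
from itertools import combinations

# Character classes and sizes as counted on this page (26 + 26 + 10 + 33 = 95).
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 33}
ALPHABET = sum(CLASSES.values())
GUESSES_PER_SECOND = 31_000_000_000  # attacker speed assumed on this page


def excluded_by_policy(length, required):
    """Count passwords of `length` that lack at least one required class.

    Inclusion-exclusion over the required classes: add the passwords missing
    one class, subtract those missing two, add those missing three, ...
    """
    excluded = 0
    for k in range(1, len(required) + 1):
        sign = 1 if k % 2 else -1
        for missing in combinations(required, k):
            remaining = ALPHABET - sum(CLASSES[c] for c in missing)
            excluded += sign * remaining ** length
    return excluded


def policy_report(length, required):
    """Return (allowed passwords, fraction removed, worst-case hours)."""
    total = ALPHABET ** length
    excluded = excluded_by_policy(length, required)
    allowed = total - excluded
    return allowed, excluded / total, allowed / GUESSES_PER_SECOND / 3600


def shorter_than(length):
    """Passwords of 1..length-1 characters, removed by a minimum-length rule."""
    return sum(ALPHABET ** n for n in range(1, length))


if __name__ == "__main__":
    # Policy-to-figure mapping is an assumption (see lead-in), not the page's.
    policies = {
        "no composition rule": [],
        "upper + lower + symbol": ["upper", "lower", "symbol"],
        "digit": ["digit"],
        "all four classes": list(CLASSES),
    }
    for name, required in policies.items():
        allowed, removed, hours = policy_report(8, required)
        print(f"{name:24} {allowed:.3e} allowed, {removed:6.1%} removed, {hours:5.1f} h")
    print(f"shorter than 8 chars: {shorter_than(8):.3e}")
    print(f"26^16 / 95^8 = {26 ** 16 / ALPHABET ** 8:,.0f}")
```

Requiring all four classes at once removes about 54 percent of the eight-character pool, whereas each extra character multiplies the pool by the size of the alphabet.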

___________________

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
