How secure is your password?

We'll since my old passwords "admin", "password", and "123456" are Instant I guess I'll have to use "adminpassword123456" which should last me 2 trillion years.

MeanDrunkR2D2

It's the same as my luggage password.

1 2 3 4 5

DevilWAH

Mooseboost wrote: »

157 billion years, good to see that aliens will know my password.

Or the first guy with a Quantum computer

Funny to play with that site, as Priston shows, just because it says a password is secure does not mean it is. This is showing how long it takes to brute force the password, not how easy it is to guess. And most passwords are either guessed / social engineered to tell the password. Or a mixture of both where the attacker has an idea of the password make up to seed any brute force cracking tool. Which is a good reason not to go for common lengths like 12 which I have seen as a standard in some companies. If a hacker knows the rules that go in to shaping your passwords then it can significantly reduce the time taken to brute force it.

tpatt100

I roll my face across my keyboard and have Chrome remember the password. Doesn't work for sites that make me confirm what I rolled the first time though.

bermovick

Good news for xkcd readers! HorseBatteryStapleCorrect would take 62 septillion years.

SephStorm

My password is **********. Huh, the website automatically blocks it!

--chris--

bermovick wrote: »

Good news for xkcd readers! HorseBatteryStapleCorrect would take 62 septillion years.

lol, I understand the reference.

I have not done much research, is it possible that comic is correct?

E Double U

MeanDrunkR2D2 wrote: »

It's the same as my luggage password.

1 2 3 4 5

That never gets old lol

Shdwmage

109 quattuordecillion years.

Whatever that means.

iBrokeIT

What is your password?
https://www.youtube.com/watch?v=opRMrEfAIiI

dave0212

I use this site to generate examples of secure passwords in security awareness training to show differences in the old convention of complex passwords vs passphrases that are easier to remember

jibbajabba

Doesn't look like the universe will live long enough for someone to crack my password.

And old 'actual' password apparently takes 166 Trillion years to hack.

Mind you, I never use single words with special characters I can never remember. Just make up sentences related to the site or use popular phrases. Easier, yet more secure.

Like

TechexamsNetIsEffinAwesome

Takes 62 Septillion years

DevilWAH

jibbajabba wrote: »

Doesn't look like the universe will live long enough for someone to crack my password.

And old 'actual' password apparently takes 166 Trillion years to hack.

Mind you, I never use single words with special characters I can never remember. Just make up sentences related to the site or use popular phrases. Easier, yet more secure.

Like

TechexamsNetIsEffinAwesome

Takes 62 Septillion years

I always have a concern about pass phrases as they can be cracked with brute force if you apply simple rule of grammar and a dictionary. The average person uses about 2,000 words, Arranging them in to phrases that are 4-8 words in length that make sense and allowing for Capital letters you end up with a quite restrictive dictionary of possibilities.

I prefer to take a longer phase of 12 or more words.

the cable on my desk is a dark Purple one in a plastic bag from excel.

take the first letters

TCOMDIADPOIAPBFE

Substitute a few number and cases and stick some random(ish) symbols on the end on the end. (but not consistently so if as above I have 2 I then only substitute one with a number)

Tc0md1adpoiapbf3£!

But what is interesting according to that site is

TechexamsNetIsEffinAwesome = 62 Septillion

Tc0md1adpoiapbf3£! = 123 sextillion years.

can some one run a brute force on both and see which is quicker in reality ??

MeanDrunkR2D2

Honestly, I don't see why more banks don't use 2 factor password set ups like how Google does it for Gmail, etc. An unknown device happens to get the password right? Well, they aren't getting that text message sent to my phone to actually access my account since they would be unable to change the settings to another phone number or a different email address for that. Add in a difficult password that is hard to crack, and it makes it even more unlikely.

SephStorm

It can be very annoying for the users depending on how it is implemented. Take XBox Live's system, God i'd get 6 or 7 text/email messages to determine that year I was the one who had access, ect.

The fact is that generally banks don't need 2FA for most access needs. We aren't seeing people's accounts hacked all day, we see more issues with identity theft.

DevilWAH

MeanDrunkR2D2 wrote: »

Honestly, I don't see why more banks don't use 2 factor password set ups like how Google does it for Gmail, etc. An unknown device happens to get the password right? Well, they aren't getting that text message sent to my phone to actually access my account since they would be unable to change the settings to another phone number or a different email address for that. Add in a difficult password that is hard to crack, and it makes it even more unlikely.

We use two factor authentication for VPN access, but we use RSA tags. We have tried text messages and email, but there is on big issue. Our staff travel the world and the worst thing is when you are in a small village with out a phone signal you can't sign in! Might only affect 1 in 100 users, but if they are trying to connect to access a powerpoint presentation for a important conference then it becomes a huge issue.

Two factor is great, but often the system you most want to secure are the ones that you often need access to in critical and time sensitive situations. so if it does not work for what ever reason it can be so so so frustrating.