Which Password is Better?

Ay5xhQxV!D or hfybnzfylawcxfyj

Steve Gibson was talking in the latest Security Now episode – #442 about his latest project and how he was trying to get around the problem of entering secure passwords on phones and tablets which have very small keyboards and how hard it is to enter special characters. His solution was to only use lower case alphabet characters, but make the length longer.

I did a quick analysis on Steve’s password site on how long it would take to crack the above specific passwords.

The first password Ay5xhQxV!D, uses all possible characters, but is only ten characters long. He calculates that in an “Offline Fast Attack Scenario: it would take 19.24 years to crack.

The second simpler password hfybnzfylawcxfyj, only uses lower case alphabet characters, but is 16 characters long and would take 144 centuries to crack.

The conclusion is that you can only use a lower case alphabet characters, but you have to use a long length – 16 characters or longer to get adequate protection.

I use LastPass for all my online passwords and allow it to generate 16 character passwords using all characters. That combination results in 141 billion centuries to crack!

For accounts that you do have to enter passwords into on your phone or tablet, like Netflix when it updates its apps, a long lowercase mixed-alphabet password will do a good job.


About Tom Terrific

Interested in MANY things.
This entry was posted in Passwords. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s