The Curse of the Password

The sheer amount of information that we store digitally is staggering, and for many people it is poorly protected by a weak password. I am sure everyone knows they should have a secure password: a random collection of letters, capitals, numbers and symbols that creates an impenetrable barrier to the nefarious scoundrels of the internet. The frustration with these passwords is that they are a pain to remember, which inevitably leads to the “forgot your password” link. Sooner or later frustration gets the better of us and a poor password is set.

A reality check for our current approach to “secure” passwords – they are not secure even when we think they are. While they are hard for us to remember, they are still highly vulnerable to being cracked unless they are of considerable length…which of course increases the chances of them being forgotten, and the cycle begins again.

So, what is the solution? Biometrics (fingerprint, face, voice)? Nope. While the uniqueness of a biometric is heralded as the pinnacle of security, the vulnerability is inherent in that same uniqueness: if it is compromised…you cannot change it.

By far the most secure approach to passwords is one that you will find surprisingly easy to remember: a random phrase such as “AardvarksReadErnestHemingway”.


Typical “secure” password: Ha@rDp@55

Online Attack – Over two thousand centuries (pretty safe)
Offline Fast Attack – Nearly 19 hours (err, not so good)
Mass Cracking Array – Just over 1 minute (Oh ****)

Random sentence password: AardvarksReadErnestHemingway

Online Attack – 3.62 hundred billion trillion trillion centuries
Offline Fast Attack – 3.62 thousand trillion trillion centuries
Mass Cracking Array – 3.62 trillion trillion centuries
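The comparison above can be checked with a simple exhaustive-search model, shown here as an added example that is not the author's code. The three guess rates and the 8-character sample password are assumptions (the page does not state them), and the model covers character-by-character guessing only.

```python
import string

# Assumed guess rates (guesses/second) for the three scenarios named above;
# the page does not state the rates behind its figures.
RATES = {
    "Online Attack": 1e3,
    "Offline Fast Attack": 1e11,
    "Mass Cracking Array": 1e14,
}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Printable ASCII split into the classes a brute-force tool would enable.
CLASSES = (
    string.ascii_lowercase,      # 26
    string.ascii_uppercase,      # 26
    string.digits,               # 10
    string.punctuation + " ",    # 33
)


def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character {ch!r} is outside printable ASCII")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(password):
    """Candidates of every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password):
    """Worst-case seconds to try the whole search space, per scenario."""
    space = search_space(password)
    return {name: space / rate for name, rate in RATES.items()}


if __name__ == "__main__":
    # "Xy7!Qp2#" is a constructed 8-character sample, not from the page.
    for pw in ("Xy7!Qp2#", "AardvarksReadErnestHemingway"):
        print(pw, len(pw), alphabet_size(pw))
        for name, secs in seconds_to_exhaust(pw).items():
            print(f"  {name}: {secs:.3g} s = {secs / SECONDS_PER_CENTURY:.3g} centuries")
```

Each extra character multiplies the search space by the alphabet size, which is why 28 letters from a 52-character alphabet outlast 8 characters from a 95-character one by dozens of orders of magnitude.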

Please go forth and sort your passwords: make them secure, easy for you to remember, and make those “Forgot your Password” links a thing of the past. If you have a site that insists on numbers or symbols, place them at the start or end of your password: AardvarksReadErnestHemingway!

Contact Plan2IT for assistance with securing and protecting your digital world.  Our business clients can contact us regarding our system security audit which will highlight any weaknesses and provide an action plan for improvements.

