By Charles Miller
Once, someone smugly told me they used a five-letter password that nobody could ever guess. In their ignorance they believed that it was safe because “senha” is the Portuguese word for “password.” Unfortunately, any word that appears in any dictionary of any language is not a good password.
In reality, “senha” in all lower case takes only 200 microseconds to guess, meaning a supercomputer could crack that password plus about 300,000 similarly weak ones in one minute flat. Adding the capital letter in “Senha” takes almost ten times longer, but still only nine milliseconds. Making the password longer, as in “Senha123,” means the password might take one hour to crack. The more characters the better, because “Senha1234567” could take two thousand years to break.
Adding punctuation or a special character, as in “Senha123456!”, gets really serious and could take 34 thousand years. For the truly security conscious, a password of 15 characters that includes upper case, lower case, numbers, and symbols, such as “Senha123%$#-it!”, theoretically could take 15 billion years to deduce.
There are several different methodologies that may be employed by supercomputers to crack passwords. Dictionary attacks try matching every word in the dictionary. Lists containing millions of commonly used passwords are often employed, while brute force attacks simply try every possible combination of characters.
There are a number of very good websites that can analyze your password and estimate how long it might take for cyber crooks using a supercomputer to crack it. The providers of these public-service websites employ different methods to estimate how strong a password is, so the results can differ wildly. The website at “security.org/how-secure-is-my-password” is one of my favorites. Other very good sites to visit are “www.passwordmonster.com” or “comparitech.com/privacy-security-tools/password-strength-test” and you are sure to find others if you search online for “test password strength.”
If you spend a few minutes playing around with the aforementioned websites, it should soon be evident that one method for guessing passwords is better for some kinds of passwords, while a different method might be better for a different kind of password. Fortunately, the crooks cannot know in advance which of these methods is best to employ when trying to hack your bank account.
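The Python sketch below is an added illustration, not code from this column or from any of the sites named above. It shows why two estimators can disagree about the same password: one counts every combination of the character classes used (brute force), the other counts "dictionary word plus suffix" guesses. The tiny word list and the guess rate are constructed assumptions.

```python
import string

# Constructed stand-in for a real multi-language word list (assumption).
WORDLIST = {"senha", "password", "contraseña", "clave"}
# Assumed attacker speed in guesses per second; illustrative only.
GUESSES_PER_SECOND = 1e10

def charset_size(text):
    """Alphabet size a brute-force search must cover for this text."""
    size = 0
    if any(c.islower() for c in text):
        size += 26
    if any(c.isupper() for c in text):
        size += 26
    if any(c.isdigit() for c in text):
        size += 10
    if any(c in string.punctuation for c in text):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def brute_force_guesses(password):
    """Worst case for trying every combination of the classes used."""
    return charset_size(password) ** len(password)

def dictionary_guesses(password):
    """Worst case for 'word + suffix' guessing, or None if no word matches."""
    split = next((i for i, c in enumerate(password) if not c.isalpha()),
                 len(password))
    base, suffix = password[:split], password[split:]
    word = base.lower()
    if word not in WORDLIST or base not in (word, word.capitalize(), word.upper()):
        return None
    guesses = len(WORDLIST) * 3  # each word tried lower, Capitalized, UPPER
    if suffix:
        guesses *= charset_size(suffix) ** len(suffix)
    return guesses

def estimate_seconds(password):
    """Time for the cheaper of the two attacks at the assumed guess rate."""
    candidates = [brute_force_guesses(password)]
    smart = dictionary_guesses(password)
    if smart is not None:
        candidates.append(smart)
    return min(candidates) / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ("senha", "Senha123", "Senha123456!", "xq7!Lm2pW"):
        print(pw, brute_force_guesses(pw), dictionary_guesses(pw), estimate_seconds(pw))
```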
One thing that is universally true about passwords is that the longer they are, the stronger they are. So if you are absolutely determined to keep using the short 8-character password you can remember, try typing it in twice to create a stronger 16-character password you can remember.
That person who wrongly believed their password was secure just because it was Portuguese would have been better protected had they tried Spanish, because “contraseña” has more letters. By one metric that word would require 19 days to guess, while one of the other sites I recommended earlier says it could take years.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 415-101-8528 or email FAQ8@SMAguru.com.