Most people only use a few passwords for everything. Many people use words they remember even their children’s names which can be simple to guessed living in the days of Facebook. One of the big problems with passwords on the internet, many web sites use email as a way to reset passwords. The fundamental issue with this is that if you lose control of your email, you potentially lose control of everything. It is kind of leaving your checkbook or credit card laying on the car seat and park on any busy parking lot. Follow these password safety tips to make sure this doesn’t happen to you!
The multiple email account option
One school of thought for password safety is to use separate email accounts. One account is the personal stuff account that you never give to family friends, it is for just utilities and banks. Make that the new one keep the old one for everyone you know and Facebook and any other web site that lacks real security. You may want to get a third or fourth for junk mail. I have a separate account for spam or what I know will be junk mail , sites that force you to surrender your email address. I use it when I have to “join” some site to look at something and they need my email address.
Tips for setting up multiple accounts
Anyone can get a new email address on a number of sites for free Gmail, Yahoo, Outlook and a host of others allow anyone to have an email account for free. Be sure not to link this account to any other email address or you will be defeating the purpose. The personal stuff email address should not be your name either, you should make up a random string of letters and numbers to be your email address. Then change your accounts with the water, electric and credit cards to the new email account.
When you create the account the password should not be easy to guess but here’s a little password safety tip: Secure sites allow the use of the symbols in passwords. Try to use a balance of letters upper and lower case, numbers and symbols whenever possible. I use a combination of replacements and bad spelling in my password safety strategy. That is I replace letters in words for numbers and symbols, and the words are spelled wrong on purpose. This makes sense to me but not to anyone else which really is the point in password protection. Your password for email should be strong so should the password for anything dealing with your money.
The longer the password is, the stronger it is. One of the silliest things to do with your passwords is store them on your computer or worse store them on your phone. Some people use websites or apps that store their passwords to many things. These sites and popular applications are active targets of thieves to seal your data. I once bought a used phone from someone on EBay with all of their credit card accounts passwords on it still.
Believe it or not many people use Pa55w0rd and 12345678. Using things like these will ensure that you will have your email taken over by someone else. There have been several people that have their email compromised on Gmail and Yahoo in the recent months.
Password Recovery Speeds
How long will your password stand up
A. 10,000 Passwords/sec
Typical for recovery of Microsoft Office passwords on a Pentium 100. This is a computer slower than the average cell phone.
B. 100,000 Passwords/sec
Typical for recovery of Windows Password Cache (.PWL Files) passwords on a Pentium 100 This is a computer slower than the average cell phone and much slower than current tablets.
C. 1,000,000 Passwords/sec
Typical for recovery of ZIP or ARJ passwords on a Pentium 100. This is a computer slower than the average cell phone.
D. 10,000,000 Passwords/sec
modern cell phone or tablet
E. 100,000,000 Passwords/sec
average modern pc or laptop
F. 1,000,000,000 Passwords/sec
Typical for medium to large scale distributed computing, Supercomputers.
This document shows the approximate amount of time required for a computer or a cluster of computers to guess various passwords. The figures shown are approximate and are the maximum time required to guess each password using a simple brute force “key-search” attack, it may (and probably will) be possible to guess correctly without trying all the combinations shown using other methods of attack or by having a “lucky guess”.
See the bottom of the page for details about the classes of attack.
10 Characters
Just numbers. As you can see choosing a password from such a small range of characters is a bad idea.
Numerals |
0123456789 | ||||||
Password |
Class of Attack |
||||||
Length |
Combinations |
||||||
2 | 100 | Instant | Instant | Instant | Instant | Instant | Instant |
3 | 1000 | Instant | Instant | Instant | Instant | Instant | Instant |
4 | 10,000 | Instant | Instant | Instant | Instant | Instant | Instant |
5 | 100,000 | 10 Secs | Instant | Instant | Instant | Instant | Instant |
6 | 1 Million | 1½ Mins | 10 Seconds | Instant | Instant | Instant | Instant |
7 | 10 Million | 17 Mins | 1½ Mins | 1½ Mins | Instant | Instant | Instant |
8 | 100 Million | 2¾ Hours | 17 Mins | 1½ Mins | 10 Seconds | Instant | Instant |
9 | 1000 Million | 28 Hours | 2¾ Hours | 17 Mins | 1½ Mins | 10 Seconds | Instant |
26 Characters
The full alphabet, either upper or lower case (not both in this case).
Upper Case Alpha |
ABCDEFGHIJKLMNOPQRSTUVWXYZ | ||||||
Lower Case Alpha |
abcdefghijklmnopqrstuvwxyz | ||||||
Password |
Class of Attack |
||||||
Length |
Combinations |
||||||
2 | 676 | Instant | Instant | Instant | Instant | Instant | Instant |
3 | 17,576 | < 2 Secs | Instant | Instant | Instant | Instant | Instant |
4 | 456,976 | 46 Secs | 5 Secs | Instant | Instant | Instant | Instant |
5 | 11.8 Million | 20 Mins | 2 Mins | 12 Secs | Instant | Instant | Instant |
6 | 308.9 Million | 8½ Hours | 51½ Mins | 5 Mins | 30 Secs | 3 Secs | Instant |
7 | 8 Billion | 9 Days | 22 Hours | 2¼ Hours | 13 Mins | 1¼ Mins | 8 Secs |
8 | 200 Billion | 242 Days | 24 Days | 2½ Days | 348 Mins | 35 Mins | 3½ Mins |
9 | 5.4 Trillion | 17 Years | 21 Months | 63 Days | 6¼ Days | 15 Hours | 1½ Hours |
10 | 141 Trillion | 447 Years | 45 Years | 4½ Years | 163 Days | 16 Days | 39¼ Hours |
12 | 95 Quadrillion | 302,603 Years | 30,260 Years | 3,026 Years | 302 Years | 30 Years | 3 Years |
15 | 1.6 Sextillion | 53 Trillion years | 532 Million years | 53 Million years | 5 Million years | 531,855 Years | 53,185 Years |
20 | 19.9 Octillion | 63 Quadrillion years | 6.3 Quadrillion years | 631 Trillion years | 63.1 Trillion years | 6.3 Trillion years | 631 Billion years |
36 Characters
The full alphabet, either upper or lower case (not both in this case) plus numbers.
Upper Case Alpha |
ABCDEFGHIJKLMNOPQRSTUVWXYZ | ||||||
Lower Case Alpha |
abcdefghijklmnopqrstuvwxyz | ||||||
Numerals |
0123456789 | ||||||
Password |
Class of Attack |
||||||
Length |
Combinations |
||||||
2 | 1,296 | Instant | Instant | Instant | Instant | Instant | Instant |
3 | 46,656 | 4 Secs | Instant | Instant | Instant | Instant | Instant |
4 | 1.6 million | 2½ Mins | 16 Seconds | 1½ Seconds | Instant | Instant | Instant |
5 | 60.4 million | 1½ Hours | 10 Mins | 1 Min | Instant | Instant | Instant |
52 Characters
This time we’re trying the full alphabet but using a mixture of upper and lower case letters, that effectively doubles the number of combinations when compared with just using a single case.
Mixed Alpha |
AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz | ||||||
Password |
Class of Attack |
||||||
Length |
Combinations |
||||||
2 | 2,704 | Instant | Instant | Instant | Instant | Instant | Instant |
3 | 140,608 | 14 Secs | < 2 Secs | Instant | Instant | Instant | Instant |
4 | 7.3 Million | 12½ Mins | 1¼ Mins | 8 Secs | Instant | Instant | Instant |
5 | 380 Million | 10½ Hours | 1 Hour | 6 Minutes | 38 Secs | 4 Secs | Instant |
6 | 19 Billion | 23 Days | 2¼ Days | 5½ Hours | 33 Mins | 3¼ Mins | 19 Secs |
7 | 1 Trillion | 3¼ Years | 119 Days | 12 Days | 28½ Hours | 3 Hours | 17 Mins |
8 | 53 Trillion | 169½ Years | 17 Years | 1½ Years | 62 Days | 6 Days | 15 Hours |
9 | 2.7 Quadrillion | 8,815 Years | 881 Years | 88 Years | 9 Years | 322 Days | 32 Days |
62 Characters
Mixed upper and lower case alphabetic characters plus numbers.
Mixed Alpha and Numerals |
0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz | ||||||
Password |
Class of Attack |
||||||
Length |
Combinations |
||||||
2 | 3,844 | Instant | Instant | Instant | Instant | Instant | Instant |
3 | 238,328 | 23 Secs | < 3 Secs | Instant | Instant | Instant | Instant |
4 | 15 Million | 24½ Mins | 2½ Mins | 15 Secs | < 2 Secs | Instant | Instant |
5 | 916 Million | 1 Day | 2½ Hours | 15¼ Mins | 1½ Mins | 9 Secs | Instant |
6 | 57 Billion | 66 Days | 6½ Days | 16 Hours | 1½ Hours | 9½ Mins | 56 Secs |
7 | 3.5 Trillion | 11 Years | 1 Year | 41 Days | 4 Days | 10 Hours | 58 Mins |
8 | 218 Trillion | 692 Years | 69¼ Years | 7 Years | 253 Days | 25¼ Days | 60½ Hours |
86 Characters
Mixed upper and lower case alphabet and common symbols.
Mixed Alpha & Symbols |
AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz <SP>!”#$%&’()*+,-./:;<=>?@[\]^_`{|}~ | ||||||
Password |
Class of Attack |
||||||
Length |
Combinations |
||||||
2 | 7,396 | Instant | Instant | Instant | Instant | Instant | Instant |
8 | 2.9 Quadrillion | 9,488 Years | 948 Years | 94 Years | 57 Years | 346 Days | 34 Days |
96 Characters
Mixed upper and lower case alphabet plus numbers and common symbols.
Mixed Alpha, Numerals & Symbols |
0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz <SP>!”#$%&’()*+,-./:;<=>?@[\]^_`{|}~ | ||||||
Password |
Class of Attack |
||||||
Length |
Combinations |
||||||
2 | 9,216 | Instant | Instant | Instant | Instant | Instant | Instant |
3 | 884,736 | 88½ Secs | 9 Secs | Instant | Instant | Instant | Instant |
4 | 85 Million | 2¼ Hours | 14 Mins | 1½ Mins | 8½ Secs | Instant | Instant |
5 | 8 Billion | 9½ Days | 22½ Hours | 2¼ Hours | 13½ Mins | 1¼ Mins | 8 Secs |
6 | 782 Billion | 2½ Years | 90 Days | 9 Days | 22 Hours | 2 Hours | 13 Mins |
7 | 75 Trillion | 238 Years | 24 Years | 2½ Years | 87 Days | 8½ Days | 20 Hours |
8 | 7.2 Quadrillion | 22,875 Years | 2,287 Years | 229 Years | 23 Years | 2¼ Years | 83½ Days |
Examples
These are just a couple of examples to show the resilience of certain types of password, using the information in the tables above you will be able to make your own examples.
Sample Passwords |
Class of Attack |
||||||
Pwd |
Combinations |
||||||
darren | 308.9 Million | 8½ Hours | 51½ Mins | 5 Mins | 30 Secs | 3 Secs | Instant |
Land3rz | 3.5 Trillion | 11 Years | 1 Year | 41 Days | 4 Days | 10 Hours | 58 Mins |
B33r&Mug | 7.2 Quadrillion | 22,875 Years | 2,287 Years | 229 Years | 23 Years | 2¼ Years | 83½ Days |