worst passwords of 2013

Most people only use a few passwords for everything.  Many people use words they remember even their children’s names which can be simple to guessed living in the days of Facebook.  One of the big problems with passwords on the internet, many web sites use email as a way to reset passwords.  The fundamental issue with this is that if you lose control of your email, you potentially lose control of everything.  It is kind of leaving your checkbook or credit card laying on the car seat and park on any busy parking lot. Follow these password safety tips to make sure this doesn’t happen to you!

The multiple email account option

One school of thought for password safety is to use separate email accounts.  One account is the personal stuff account that you never give to family friends, it is for just utilities and banks. Make that the new one keep the old one for everyone you know and Facebook and any other web site that lacks real security. You may want to get a third or fourth for junk mail.  I have a separate account for spam or what I know will be junk mail , sites that force you to surrender your email address.  I use it when I have to “join” some site to look at something and they need my email address.

Tips for setting up multiple accounts

Anyone can get a new email address on a number of sites for free Gmail, Yahoo, Outlook and a host of others allow anyone to have an email account for free.  Be sure not to link this account to any other email address or you will be defeating the purpose. The personal stuff email address should not be your name either, you should make up a random string of letters and numbers to be your email address.  Then change your accounts with the water, electric and credit cards to the new email account.

When you create the account the password should not be easy to guess but here’s a little password safety tip: Secure sites allow the use of the symbols in passwords.  Try to use a balance of letters upper and lower case, numbers and symbols whenever possible.  I use a combination of replacements and bad spelling in my password safety strategy.  That is I replace letters in words for numbers and symbols, and the words are spelled wrong on purpose.  This makes sense to me but not to anyone else which really is the point in password protection.  Your password for email should be strong so should the password for anything dealing with your money.

The longer the password is, the stronger it is.  One of the silliest things to do with your passwords is store them on your computer or worse store them on your phone.  Some people use websites or apps that store their passwords to many things.  These sites and popular applications are active targets of thieves to seal your data. I once bought a used phone from someone on EBay with all of their credit card accounts passwords on it still.

Believe it or not many people use Pa55w0rd and 12345678.  Using things like these will ensure that you will have your email taken over by someone else.  There have been several people that have their email compromised on Gmail and Yahoo in the recent months.

Password Recovery Speeds

How long will your password stand up

A. 10,000 Passwords/sec

Typical for recovery of Microsoft Office passwords on a Pentium 100. This is a computer slower than the average cell phone.

B. 100,000 Passwords/sec
Typical for recovery of Windows Password Cache (.PWL Files) passwords on a Pentium 100 This is a computer slower than the average cell phone and much slower than current tablets.

C. 1,000,000 Passwords/sec
Typical for recovery of ZIP or ARJ passwords on a Pentium 100. This is a computer slower than the average cell phone.

D. 10,000,000 Passwords/sec

modern cell phone   or tablet

E. 100,000,000 Passwords/sec

average modern pc or laptop

F. 1,000,000,000 Passwords/sec
Typical for medium to large scale distributed computing, Supercomputers.

 

This document shows the approximate amount of time required for a computer or a cluster of computers to guess various passwords. The figures shown are approximate and are the maximum time required to guess each password using a simple brute force “key-search” attack, it may (and probably will) be possible to guess correctly without trying all the combinations shown using other methods of attack or by having a “lucky guess”.
See the bottom of the page for details about the classes of attack.

10 Characters

Just numbers. As you can see choosing a password from such a small range of characters is a bad idea.

Numerals

0123456789

Password

Class of Attack

Length

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

2 100 Instant Instant Instant Instant Instant Instant
3 1000 Instant Instant Instant Instant Instant Instant
4 10,000 Instant Instant Instant Instant Instant Instant
5 100,000 10 Secs Instant Instant Instant Instant Instant
6 1 Million 1½ Mins 10 Seconds Instant Instant Instant Instant
7 10 Million 17 Mins 1½ Mins 1½ Mins Instant Instant Instant
8 100 Million 2¾ Hours 17 Mins 1½ Mins 10 Seconds Instant Instant
9 1000 Million 28 Hours 2¾ Hours 17 Mins 1½ Mins 10 Seconds Instant

26 Characters

The full alphabet, either upper or lower case (not both in this case).

Upper Case Alpha

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Lower Case Alpha

abcdefghijklmnopqrstuvwxyz

Password

Class of Attack

Length

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

2 676 Instant Instant Instant Instant Instant Instant
3 17,576 < 2 Secs Instant Instant Instant Instant Instant
4 456,976 46 Secs 5 Secs Instant Instant Instant Instant
5 11.8 Million 20 Mins 2 Mins 12 Secs Instant Instant Instant
6 308.9 Million 8½ Hours 51½ Mins 5 Mins 30 Secs 3 Secs Instant
7 8 Billion 9 Days 22 Hours 2¼ Hours 13 Mins 1¼ Mins 8 Secs
8 200 Billion 242 Days 24 Days 2½ Days 348 Mins 35 Mins 3½ Mins
9 5.4 Trillion 17 Years 21 Months 63 Days 6¼ Days 15 Hours 1½ Hours
10 141 Trillion 447 Years 45 Years 4½ Years 163 Days 16 Days 39¼ Hours
12 95 Quadrillion 302,603 Years 30,260 Years 3,026 Years 302 Years 30 Years 3 Years
15 1.6 Sextillion 53 Trillion years 532 Million years 53 Million years 5 Million years 531,855 Years 53,185 Years
20 19.9 Octillion 63 Quadrillion years 6.3 Quadrillion years 631 Trillion years 63.1 Trillion years 6.3 Trillion years 631 Billion years

36 Characters

The full alphabet, either upper or lower case (not both in this case) plus numbers.

Upper Case Alpha

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Lower Case Alpha

abcdefghijklmnopqrstuvwxyz

Numerals

0123456789

Password

Class of Attack

Length

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

2 1,296 Instant Instant Instant Instant Instant Instant
3 46,656 4 Secs Instant Instant Instant Instant Instant
4 1.6 million 2½ Mins 16 Seconds 1½ Seconds Instant Instant Instant
5 60.4 million 1½ Hours 10 Mins 1 Min Instant Instant Instant

52 Characters

This time we’re trying the full alphabet but using a mixture of upper and lower case letters, that effectively doubles the number of combinations when compared with just using a single case.

Mixed Alpha

AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

Password

Class of Attack

Length

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

2 2,704 Instant Instant Instant Instant Instant Instant
3 140,608 14 Secs < 2 Secs Instant Instant Instant Instant
4 7.3 Million 12½ Mins 1¼ Mins 8 Secs Instant Instant Instant
5 380 Million 10½ Hours 1 Hour 6 Minutes 38 Secs 4 Secs Instant
6 19 Billion 23 Days 2¼ Days 5½ Hours 33 Mins 3¼ Mins 19 Secs
7 1 Trillion 3¼ Years 119 Days 12 Days 28½ Hours 3 Hours 17 Mins
8 53 Trillion 169½ Years 17 Years 1½ Years 62 Days 6 Days 15 Hours
9 2.7 Quadrillion 8,815 Years 881 Years 88 Years 9 Years 322 Days 32 Days

62 Characters

Mixed upper and lower case alphabetic characters plus numbers.

Mixed Alpha and Numerals

0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

Password

Class of Attack

Length

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

2 3,844 Instant Instant Instant Instant Instant Instant
3 238,328 23 Secs < 3 Secs Instant Instant Instant Instant
4 15 Million 24½ Mins 2½ Mins 15 Secs < 2 Secs Instant Instant
5 916 Million 1 Day 2½ Hours 15¼ Mins 1½ Mins 9 Secs Instant
6 57 Billion 66 Days 6½ Days 16 Hours 1½ Hours 9½ Mins 56 Secs
7 3.5 Trillion 11 Years 1 Year 41 Days 4 Days 10 Hours 58 Mins
8 218 Trillion 692 Years 69¼ Years 7 Years 253 Days 25¼ Days 60½ Hours

86 Characters

Mixed upper and lower case alphabet and common symbols.

Mixed Alpha & Symbols

AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz <SP>!”#$%&’()*+,-./:;<=>?@[\]^_`{|}~

Password

Class of Attack

Length

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

2 7,396 Instant Instant Instant Instant Instant Instant
8 2.9 Quadrillion 9,488 Years 948 Years 94 Years 57 Years 346 Days 34 Days

96 Characters

Mixed upper and lower case alphabet plus numbers and common symbols.

Mixed Alpha, Numerals & Symbols

0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz <SP>!”#$%&’()*+,-./:;<=>?@[\]^_`{|}~

Password

Class of Attack

Length

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

2 9,216 Instant Instant Instant Instant Instant Instant
3 884,736 88½ Secs 9 Secs Instant Instant Instant Instant
4 85 Million 2¼ Hours 14 Mins 1½ Mins 8½ Secs Instant Instant
5 8 Billion 9½ Days 22½ Hours 2¼ Hours 13½ Mins 1¼ Mins 8 Secs
6 782 Billion 2½ Years 90 Days 9 Days 22 Hours 2 Hours 13 Mins
7 75 Trillion 238 Years 24 Years 2½ Years 87 Days 8½ Days 20 Hours
8 7.2 Quadrillion 22,875 Years 2,287 Years 229 Years 23 Years 2¼ Years 83½ Days

Examples

These are just a couple of examples to show the resilience of certain types of password, using the information in the tables above you will be able to make your own examples.

Sample Passwords

Class of Attack

Pwd

Combinations

Class A

Class B

Class C

Class D

Class E

Class F

darren 308.9 Million 8½ Hours 51½ Mins 5 Mins 30 Secs 3 Secs Instant
Land3rz 3.5 Trillion 11 Years 1 Year 41 Days 4 Days 10 Hours 58 Mins
B33r&Mug 7.2 Quadrillion 22,875 Years 2,287 Years 229 Years 23 Years 2¼ Years 83½ Days