In this tutorial I will walk you through a password creation process and discuss its complexity and crackability.

Security matters
In these days of digital endeavors it is important that you, my dear reader, have got all your accounts and crypto coins secured against all sorts of malicious people. One of the most important aspects of your account security is the password. Too often we choose convenience over security, even though we do know better. When we settle for passwords that are easy to remember or common choices, we make our accounts susceptible to attacks. These kinds of combinations are ones that hackers will almost certainly try out first.
But passwords don't have to be completely random in order to be secure. Let me show you how you can turn easy phrases into robust passwords.
Build your password
Let's start with an easy password and evolve it into something more complex. We shall increase the strength until we find an optimal passphrase that you can still memorize.
We begin with a random word:
house
Not good enough. Any password below 8 characters from a simple alphabet can be cracked instantly.
thehouse
8 characters! That's cool. However, since attackers can use dictionary attacks, all simple words can be cracked instantly.
th3hous3
Very clever: Replacing the 'e' with a '3'. Actually...it isn't - modern cracking software will try all of these obvious replacement attempts.
thehousejack
Much better! Since the length has increased to 12 characters, it will take more time for a computer to solve the password. However, since these are still simple words, a dictionary attack will be effective.
Let's evaluate the complexity of this passphrase. Password complexity can be evaluated with $N^L$, where N is the number of possible inputs (alphabet) and L is the number of characters (length).
This password is 12 characters long and draws from a 26-letter alphabet, therefore the number of possible combinations is $26^{12} \approx 9.5 \times 10^{16}$. It would take a computer about 4 weeks to brute-force this password.
thehousethatjackbuilt
Alright, we have now increased our password to 22 characters. It is recommended to use passwords with more than 16 characters to protect against brute-force attempts. However, our password is still (somewhat) vulnerable to dictionary attacks. Let's expand our alphabet by adding some symbols into the mix and making our letters case sensitive.
Th3hoU5etHatJ@ckbuilt
We have now moved on to a case sensitive alphanumeric (a–z, A–Z, 0–9) alphabet that gives us 62 input possibilities instead of 26! Good stuff. However, as described in step 3, dictionary-smart algorithms will try out these kinds of replacements.
th3_hoU5e#t/at}J@ck=buiIT?
We have increased our passphrase length to 26 characters and we have placed symbols in between words and further random places. This is a great way to protect against brute-force and dictionary attacks.
Success! The complexity of this password equates to $62^{26} \approx 4.0 \times 10^{46}$ combinations. It would take a computer 3 decillion years to brute-force this password - I think we're good.
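The walkthrough above as a small checker, added here as an example and not part of the original post: it computes N^L for each password and separately flags passwords that reduce to a plain word sequence once case and look-alike substitutions are undone. The word list, the substitution table and all function names are constructed for this demo, and N is inferred from every character class present, so symbols count too.

```python
import math
import string

# Constructed five-word list for this demo; a real check would load a large dictionary.
WORDS = {"the", "house", "that", "jack", "built"}
# Assumed table of common look-alike substitutions, undone before the lookup.
LEET = str.maketrans({"3": "e", "5": "s", "@": "a", "0": "o", "1": "l", "$": "s"})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # 26 + 26 + 10 + 32 characters

def alphabet_size(pw):
    """N: combined size of every character class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def keyspace(pw):
    """N^L: number of candidates an exhaustive brute-force search must cover."""
    return alphabet_size(pw) ** len(pw)

def splits_into_words(s, words=WORDS):
    """True if s is a concatenation of dictionary words (dynamic programming)."""
    ok = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        ok[end] = any(ok[start] and s[start:end] in words for start in range(end))
    return bool(s) and ok[-1]

def dictionary_weak(pw):
    """Lower-case, undo substitutions, then test for a pure word sequence."""
    return splits_into_words(pw.lower().translate(LEET))

def report(pw):
    space = keyspace(pw)
    return {"L": len(pw), "N": alphabet_size(pw), "combinations": space,
            "bits": round(math.log2(space), 1),
            "dictionary_weak": dictionary_weak(pw)}

if __name__ == "__main__":
    for pw in ("house", "thehouse", "th3hous3", "thehousejack",
               "thehousethatjackbuilt", "Th3hoU5etHatJ@ckbuilt",
               "th3_hoU5e#t/at}J@ck=buiIT?"):
        r = report(pw)
        print(f"{pw:28} N={r['N']:<3} L={r['L']:<3} "
              f"N^L={r['combinations']:.1e} bits={r['bits']:<6} "
              f"dictionary_weak={r['dictionary_weak']}")
```

Th3hoU5etHatJ@ckbuilt scores a very large N^L yet is still flagged, because N^L only describes brute force; only the final password, with symbols between and inside the words, passes both checks.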
How secure is my password?
In this tutorial I have walked you through the methodology of creating secure and memorable passwords.
To test your own creations you can use this website, which will determine how long it would take a computer to crack it using brute-force.
https://howsecureismypassword.net
Warning: Please DO NOT actually use any real passwords on this website, use a SIMILAR one in terms of complexity.
- Nick ( @cryptonik ) -
