Conventional wisdom has it that passwords should be long, alphanumeric and, most importantly, need to be changed on a regular basis. In fact, as many of you already know, companies require their employees to change their passwords at regular intervals for security purposes. As it turns out, much of what we believe in when it comes to password security isn't necessarily true, as several researchers and studies have recently pointed out. The science may be complex, but we've boiled it down so that you can find out how to generate an “uncrackable” password.
It has become a common practice for websites to evaluate your passwords on a scale from weak to strong. Based on the algorithms used by websites such as Facebook and Twitter, alphanumeric passwords get the highest “security” rating. As developer Cameron Morris managed to discover, however, a lot of these supposedly safe passwords can be hacked by an amateur in less than one day. If you take an alphanumeric password such as “34Lakers56” named after your favorite basketball, it may pass the Facebook strength test, but leaves you totally exposed to outside attacks.
Morris completely redefines the concept of password strength. Instead of judging the value of a password on a relative scale, Morris developed an analytical tool that could determine how much time it would hypothetically take to crack your password.
Using his Passfault Analyzer (a tool which I rurge all of you to try out), you'll encounter some surprising results. Turns out my favorite password (which I use to guard my WiFi connection) could be cracked in just 3 days, whereas it would take several months to decode my childhood password which is a made-up word (apparently, baby words work great as passwords!). Obviously, we would all like to have passwords that would take at least a billion years to crack.
You may not like to hear this, but truly secure passwords need to be long, really, long, like anything from 20 to 30 symbols. More importantly, your password should not include any words that can be found in the dictionary. Generating a cryptic alphanumeric password devoid of words may be a difficult endeavor, especially when you have to memorize the bloody thing.
So as a recent Carnegie-Mellon study suggests, once you've found a password that would take lightyears to crack – stick to it. Changing your password actually undermines your security and you can't be expected to memorize a random set of characters every three months. Then we start writing these passwords down on bits of paper– and it's a downward slope from there on in terms of security. That's why it's essential to memorize one or two bulletproof passwords and test them with the Passfault Analyzer tool. Can't think of a good “uncrackable” password? Here's a good tutorial video on how to come up with the perfect password and leave the hackers biting their nails:
How did you fare in the Passfault test? Did your passwords turn out to be as safe as you thought? Share your thoughts in the comments!