How secure is my password?

How secure is my password? Let’s talk about the importance of password strength and look at how long it takes to crack them!


In this week’s Cyber Security Minute, we are going to answer this question. First, let’s talk about the importance of password strength. One of the ways that hackers can get into your account is by cracking your password. They can do this in many different ways: by cracking the hash, by using rainbow tables, or by doing a dictionary lookup.

If you have a password that is a simple word, like “puppy”, it will be found in the dictionary and your password will be cracked immediately. We have all been told that standard words are not good for security, so we need to increase the strength of our passwords by using uppercase, lowercase, numbers, and special characters.

To do that, we are going to increase the strength of our passwords. If we do that, a hacker can no longer break in using a dictionary and instead needs to resort to a brute force attack. Brute force is simply guessing the password. It starts with A, then AA, then AB, then AC, and so on, until it eventually finds your password. So, what is a good password strength? Let’s start by looking at some weak passwords and increase the complexity until we find a good, secure password.

First, let’s start with a simple word like “puppy”. How long will it take to crack the password “puppy”? Well, since it is a dictionary word, it is cracked almost instantly! Because it is in the dictionary, it is a really easy password to break, which makes it an ineffective password.

If you read any security books, they recommend using uppercase and lowercase, as well as numbers and special characters. One of the examples often used is the password, “P@$$w0rd”. How long do you think that would take to crack? Well, it takes about 9 hours with a standard computer to do the brute force attack.

While that is good, it isn’t really strong enough, so we are going to increase the password length to increase the time required to brute force the password. Consider the next example, using a password of Dr@g0nBr3+h. This is a fairly complex and relatively long password, so how long will it take to brute force? About 34,000 years. That is pretty good, but still not considered secure enough yet, so let’s try one more example.

If you look at the Department of Defense, they have a password policy that requires passwords to be complex, having over 16 characters in length and containing uppercase, lowercase, numbers, and special characters. Consider this last example, the password “Th1s1sH@rder$#%&”. How long will this one take to brute force? About 1 trillion years, which is obviously long enough for us to feel secure. This is an example of a good, secure, hard, and long password that could be used in your systems.

That is the idea behind how secure your password is. Do you want to test out your passwords to see how long it would take to brute force them? Visit howsecureismypassword.net to test your passwords.
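To make the brute force arithmetic behind the four example passwords concrete, here is an added example (not from the video or from howsecureismypassword.net) that estimates a password’s keyspace from the character classes it uses and divides by an assumed guess rate. The wordlist and the guess rate of one billion guesses per second are constructed placeholders, so the resulting times will not match the video’s figures, but they show the same lesson: length raises the exponent, while adding character classes only widens the base.

```python
import string

# Constructed stand-in for a real dictionary wordlist (assumption, not the video's list).
WORDLIST = {"puppy", "password", "dragon", "letmein", "welcome"}

# The character classes the episode names: lowercase, uppercase, digits, and special characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

# Assumed attacker guess rate; a placeholder, not a measured figure.
GUESSES_PER_SECOND = 1e9


def keyspace(password: str) -> int:
    """Number of candidates a brute force attack must try in the worst case.

    Only the character classes actually present in the password count, which is how an
    attacker would scope the alphabet: adding a class widens the base, adding a character
    raises the exponent.
    """
    alphabet = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return alphabet ** len(password)


def seconds_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def assess(password: str, rate: float = GUESSES_PER_SECOND) -> dict:
    """A dictionary hit is instant; otherwise report the brute force worst case."""
    hit = password.lower() in WORDLIST
    return {
        "dictionary_hit": hit,
        "keyspace": keyspace(password),
        "seconds": 0.0 if hit else seconds_to_exhaust(password, rate),
    }


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    for pw in ("puppy", "P@$$w0rd", "Dr@g0nBr3+h", "Th1s1sH@rder$#%&"):
        r = assess(pw)
        print(f"{pw:18} dictionary={r['dictionary_hit']!s:5} keyspace={r['keyspace']:.2e} time={human(r['seconds'])}")
```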

If you have a question for the Cyber Security Minute, please leave it in the comments below, and click subscribe on our YouTube channel (JasonDionTraining) to ensure you don’t miss any of our new episodes each and every Monday.


-=-=-=-=-=-=-=-=-=-=-=-=-=-
Visit https://www.JasonDion.com for cyber security information, certification exam prep courses, and more.

Additional Courses:
** Network+ (N10-006): Full Course on Udemy (90% off, only $10) **
https://www.udemy.com/comptia-network-cert-n10-006-full-course/?couponCode=CSM_YOUTUBE10

** Anatomy of a Cyber Attack on Udemy (90% off, only $15) **
https://www.udemy.com/anatomy_cyber_attack/?couponCode=CSM_YOUTUBE15

Jason Dion, CISSP No. 349867, is an Adjunct Instructor at Liberty University’s College of Engineering and Computational Science and Anne Arundel Community College’s Department of Computing Technologies with multiple information technology professional certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), Digital Forensic Examiner (DFE), Digital Media Collector (DMC), Security+, Network+, A+, and Information Technology Infrastructure Library v3. With networking experience dating back to 1992, Jason has been a network engineer for the United States Navy Southern Command, served as the Deputy Director of the Theater Network Operations Center Middle East, and the Information Systems Officer for Navy Information Operations Command Maryland. Jason holds a Master of Science degree in Information Technology with a specialization in Information Assurance from the University of Maryland University College, a Master of Arts and Religion in Pastoral Counseling, and a Bachelor of Science in Human Resources Management from New School University. He lives in the greater Washington D.C./Baltimore, Maryland area with his wife and two children.