Cracking Passwords Test

Want to test your password strength? Well, Hackosis has a very interesting method. You don’t give it your password, you simply tell it how many different types of character there are in your password and it works out how long it would take a standard PC to run a bruteforce attack. The results could be very frightening, particularly if you use simple, short passwords.

So, if you have a password made up of six letters, four numbers and one non-alphanumeric character, a percentage sign, say. Then the Brute Force Calculator reveals that your password is 11 characters long, which means 98,853,048,320,000 possible combinations. That will take a typical 2008 under 10% load almost 360 hours (15 days) to crack, assuming it is trying almost 140 billion passwords per hour.

A password made up of just ten alphanumerics and no special character will crack in just over 11 hours, whereas a password of just six letters (no numbers, no special characters) can be broken in no time at all. 6 characters long has 308,915,776 combinations, so a couple of hours at most.

The lesson to be learned is that if you want to protect your logins then, simple passwords are useless. For an idea on how to create strong passwords check out my passwords for scientists post.

By the way, don’t think you’re totally protected just because you have a password resistant to bruteforce. Bruceforce attacks are not the only way hackers can get into your accounts. According to a recent report on ghacks about a hacking horror story: a certain webmaster’s GMail account was hacked even though he was using a secure scrambled password of 15 characters. “If it’s that easy to gain access to GMail perhaps their security needs to be looked at.” So, think on.