This is a neat tool, it estimates how quickly a desktop PC could crack any password you give it – http://howsecureismypassword.net/

To be frank, though, I wouldn’t test any of your genuine passwords, just in case someone is watching. I don’t think it’s a phish farm, but you never know who might be snooping at any given time over a non-secured internet connection. Anyway, here are a few tests. Which do you think is the optimal password and how would you remember it?

a – instantaneously

db – 0.000002704 seconds

abc – 0.000070304 seconds

abc123 – one of the most common passwords

password – ditto

passwordpassword – 5 million years (but probably not secure)

123£”!pwWp – 2 million years

abcdefghijklmnopqrstuvwxyz – 780 quintillion years

nE*56QKmVHS3YV%y#mro – 20-character random string generated by Lastpass – 4 sextillion years

The trouble is, some sites that should no better limit you to 6-9 alphanumeric passwords, but something like ght758 would take just 8 seconds to crack using a bruteforce attack and even 47gkT49sd while taking a year tops could be hit earlier in an attack. It’s time someone implemented a standard for web forms etc that forces users to use a complex mixed string of alphanumeric characters and special characters like %!* etc. Make it so that it would take longer than the age of the universe to crack them.

Your mileage may vary if you test against Microsoft’s password strength meter.

Related articles

• TIP: Don’t use ‘password’ as your password (stuffthatinterests.me)
• How to Create Unbreakable Passwords – Strong Passwords (brighthub.com)
• Password management site plugs info-leak bug (go.theregister.com)
• The 5 Best Browser Security Extensions (businessinsider.com)