It’s Time To Change Your Passwords

Every year when we change our clocks to and from Daylight Savings Time, we are all reminded to change the batteries in our smoke alarms. This is good advice, and I generally follow it. I am afraid of fires, and the smoke alarms keep me feeling somewhat safe.

According to an article in Yahoo! today, we face large risks because most of us use online passwords that are easily cracked. Some people are still foolish enough to use 1111, or 1234, their birthday, or some other easily guessable piece of personal information. The reason we do this is that we need something easy to remember. But, according to the article, 90% of all the passwords used are vulnerable to hacking.

Think of the fun someone could have getting into your online bank account, or your online investment account. Think disaster!

So, that’s why I think it is time for everyone to change their critical passwords, and we should do it at least once per year. Make it something that is not so easy to remember. Make it something you have to memorize, or something you can keep in a secure place. After all, it is only your life and how you live it at stake.

I just changed my banking and investment account passwords. It was easy. I spent a few minutes planning the new passwords. I used the services of a web site that will generate random characters for you in strings 63 characters long. No, you don’t need a password that long, but if you do, it is very easy to accomplish. Keep a text copy, and just copy and paste into the password forms when you need it. It is virtually impossible to memorize that many characters, and virtually impossible to crack, too.

Here’s the site: https://www.grc.com/passwords.htm.

It is part of the Gibson Research Corporation website run by Steve Gibson, a famous computer security expert. There are lots of free security services that he offers, and the “Perfect Passwords” page is one of them. When you surf onto the page, it automatically generates a new set of random passwords. You don’t need 63 or 64 characters, so just grab eight to twelve characters from the string, write them down, and memorize them. Remember that they are random characters (A-Z), (a-z), and (0-9). You can choose another string that contains random punctuation characters thrown in, but many banks do not allow punctuation or other special characters in your password.

Here is a string of 63 random characters:

63 random alpha-numeric characters (a-z, A-Z, 0-9):
nBDnH6rDFth3TfOCuAnyFIgOkMF4vE9EH5doMrHRQNxOWHrhm0qxCMlRqYsoFwv

Just pick eight or twelve from this string. I am using a twelve character string, and it is very secure. Yes, you HAVE TO MEMORIZE it. Do you want someone to get into your bank account?

Another service Gibson offers tests the strength of your password. Here is an example using the first eight characters of the 63 character example I gave you. – nBDnH6rD

Time Required to Exhaustively Search this Password’s Space:

  - Online Attack Scenario (assuming one thousand guesses per second): 70.56 centuries
  - Offline Fast Attack Scenario (assuming one hundred billion guesses per second): 36.99 minutes
  - Massive Cracking Array Scenario (assuming one hundred trillion guesses per second): 2.22 seconds

You can test your password on this page:  https://www.grc.com/haystack.htm.

Now, if someone could generate one hundred trillion guesses per second, they could brute force crack your random eight character password in a little over two seconds. I don’t think there is a computer on earth that can do that. So, just look at the 70 or so centuries it would take a computer to crack it at one thousand guesses per second, and you get the idea. Rest assured that if the CIA wants your stuff, they will get it. They are the government, but even they would have problems cracking this password.
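The figures quoted above can be reproduced offline, and the password itself can be drawn from your own machine's random source instead of being copied from a web page. This is an added example, not code from the original post or from GRC; the function names are hypothetical, and it assumes the search space counts every alphanumeric string from one character up to the password's length, which matches the 36.99 minutes and 2.22 seconds shown above.

```python
import secrets
import string

# 62 symbols: a-z, A-Z, 0-9, the same alphabet the post describes.
ALPHABET = string.ascii_letters + string.digits

def generate_password(length=12):
    """Draw each character from the OS CSPRNG, locally, with no website involved."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def search_space(length, alphabet_size=len(ALPHABET)):
    """Count every candidate of length 1..length (an exhaustive search)."""
    return sum(alphabet_size ** k for k in range(1, length + 1))

# Guess rates taken from the three scenarios quoted in the post.
SCENARIOS = {
    "online (1e3/s)": 10**3,
    "offline fast (1e11/s)": 10**11,
    "massive array (1e14/s)": 10**14,
}

def seconds_to_exhaust(length, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return search_space(length) / guesses_per_second

def report(length):
    """Seconds to exhaust the space for each scenario, keyed by scenario name."""
    return {name: seconds_to_exhaust(length, rate)
            for name, rate in SCENARIOS.items()}

if __name__ == "__main__":
    print("sample password (constructed at run time):", generate_password())
    for n in (8, 12):
        print(f"{n} characters, {search_space(n):.3e} candidates")
        for name, secs in report(n).items():
            print(f"  {name}: {secs:.3g} seconds")
```

Going from eight to twelve characters multiplies the search space by roughly 62^4, about 14.8 million. These are worst-case times; on average a random password is found after about half the space has been searched.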

Do yourself a favor and change your password. Spend at least a half-hour playing with new passwords by writing them down and memorizing them before making changes. If you mess it up, you can always call the bank and try again.

Have a safe and prosperous year. Keep your guns and money close.

4 comments

  1. I took the time and trouble to test my 12 character password. It had to be fairly easy to type. I memorized it before using it. Keep it safe.

  2. I feel the same way, but I had been using the same passwords on my bank accounts for years. It was time to change them, and to not rely on family birthdays or pet names. I found it was not all that hard to memorize a couple of new ones. Of course, I have them written down and stored away in a secret underground location.
