How Pathetic Is Your Password?

Tue Apr 4, 2006 1:36PM EDT

See Comments (138)

Think putting a "1" on the end of "daisy" is going to stymie crackers intent on breaking your password? Turns out that with a reasonably up-to-date computer, a dedicated hacker should be able to break it, by brute force, in about an hour and a half.

Lockdown.co.uk has a handy document that shows just how secure your password really is, based on its length and the type of characters you use in it (all numbers, letters and numbers, uppercase/lowercase, special symbols, etc.).

Think about your most common passwords, then visit the site. You'll be most interested in the results for a "Class D" attack, which represents somone with a single, very fast PC. (Class E and Class F represent multiple PC attacks and aren't as likely to be involved with someone trying to break into your eBay account.)

As an example, the site notes that a password like "darren" would take all of 30 seconds to break. "Land3rz" would take 4 days. And "B33r&Mug" would take 23 whopping years.

Key to great security isn't just length, but adding in non-traditional characters, too: A great password should be eight characters long (or more), and include at least one number, one uppercase letter, and one special character like an ampersand. To make it easy on yourself, try using the same button on the keyboard in both lower- and uppercase versions. For example: "JjKkIi*8" requires you only hit four different keys (plus Shift), and they're all clustered in a tight group.

Comments on How Pathetic Is Your Password?

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 26 Posted by koffeelava on Thu Sep 3, 2009 4:53PM EDT Report Abuse

    It is easy to create a password from the first letter of a poem or national anthem: GspDndsStoNppRmrTszrThtpAtnk How long will it take to crack this?

  • 27 Posted by mullerkp on Thu Sep 3, 2009 7:30PM EDT Report Abuse

    I don't understand this. If there was a dealy of the feedback of just one second, in other words, the response from the computer to be hacken into, is coming with 1 second delay, then the password hacking takes 10,000 to 1,000,000,000 times longer. To guess all 1 million cominations of a simple 6 digit numerical password would take 11.5 days. And by the way, usually it's over after the first three attempts.

  • 28 Posted by m6333h on Thu Sep 3, 2009 7:01PM EDT Report Abuse

    What about an article, where passwords are sold?

  • 29 Posted by sparky_3150 on Thu Sep 3, 2009 9:35PM EDT Report Abuse

    why would a hacker want to check my email anyway?

  • 30 Posted by vivekgec2000 on Thu Sep 3, 2009 10:36PM EDT Report Abuse

    What happens if the passwords that we use are names of people??? Will they also figure in the list?? Vicky

  • 32 Posted by kmedcoff on Thu Sep 3, 2009 4:52PM EDT Report Abuse

    it would be great if the link for the password checker actually worked instead of directing me to an error page.

  • 33 Posted by austinrools on Thu Sep 3, 2009 2:59PM EDT Report Abuse

    thanks for the advice. i'm gonna go change my password

  • 34 Posted by vkwilliams28@sbcglobal.net on Thu Sep 3, 2009 10:36PM EDT Report Abuse

    Never been explained before so that I could understand how a password can be so easy to hack or how I could come up with one that would make sense to me. If it so easy to hack why use one?

  • 35 Posted by myrtleclub on Thu Sep 3, 2009 7:31PM EDT Report Abuse

    posted by myrtleclub sunday jan 21 . as you can see,i am not a whiz on the computer,however this was a great help ,my passwords are being changed as soon as i finish making a total fool of myself in this response.THANKS A BUNCH.

  • 36 Posted by astingfan on Thu Sep 3, 2009 2:58PM EDT Report Abuse

    I have been annoyed at how difficult my company makes our passwords. Now I will change all my passwords on personal accounts.

  • 37 Posted by vin_niv12 on Thu Sep 3, 2009 10:36PM EDT Report Abuse

    Thank you very much, my password showed up on the list that you have provided, W will change it right away, Cheers.

  • 38 Posted by brcohea@sbcglobal.net on Thu Sep 3, 2009 3:12PM EDT Report Abuse

    Given enough time, anyones password could be found, and easily. Also, in todays media, "hacker" is just a stupid buzzword. Anyone that knows how to install/format a hard drive through MS-DOS is instantly labelled as a "hacker", while a real def of a "hacker" can be found on one of Maddox's pages. Personally, I hate the word, and it shouldnt be used at all, either way. Also, a lot of really stupid passwords can be figured out by hand..rofl. BTW, Yahoo, your link to the password rating site is broken.

  • 39 Posted by phurm on Thu Sep 3, 2009 8:10PM EDT Report Abuse

    The link doesn't work--sends to wordpress in uk

  • 40 Posted by tiggycat041 on Sun Jan 21, 2007 9:13AM EST Report Abuse

    I tried the link given in this article (lockdown.co.uk) but was unable to connect.

  • 41 Posted by g_bmiller on Thu Sep 3, 2009 4:15PM EDT Report Abuse

    After seeing a ton of extensive research about following different rules on password security I think there is A more simple way instead of following all of the extensive studies is to allow a password length of 4 to 12 and a 2 minute delay after 3 failed attempts per username and require password not to match a dictionary test of 100000 common words: 1234567890-=!@#$%^&*()rtyuiopasdfghjklzxcvbnm,.QWERTYUIOPASDFGHJKLZXCVBNM? = 76 = 33362176 different combinations - 100000 common dictionary and obvious passwords i.e. 0000 or aaaa which will give you 33262176 different combinations if you have 3 unsuccessful attempts you have 2 min in the penalty box so if you have a 4 place password it would take 3 attempts then 2 min delay = 11087392 minutes = about 21 years to crack just for a 4 place password. Remember the more complicated a password is the more likely someone will write it down which defeats the purpose of having a password in the first place.

  • 42 Posted by vinogreeva.olga on Thu Sep 3, 2009 10:36PM EDT Report Abuse

    a bit hackneyed, ah? you have forgotten to say "do not put it on your screen or share it with anyone". I am not ironic, this is rife. Or it can happen like that -- someone sends you an e-mail saying: "we need to update our site -- retype your old password in this letter and change it if you want". BEWARE!

  • 43 Posted by vinogreeva.olga on Thu Sep 3, 2009 10:36PM EDT Report Abuse

    lmtan888, your password is the best!! ;) but the problem is hackneyed

  • 44 Posted by whooyouz on Thu Sep 3, 2009 10:45PM EDT Report Abuse

    if i changed my password now after 7 years i am afraid i will not find everyplace that i placed a password but i use a Spanish word spelled wrong with numbers also an obscure native American word will work with numbers added, or name KateriX11 = Catherine12 j lang

  • 45 Posted by dinjos_099 on Thu Sep 3, 2009 3:43PM EDT Report Abuse

    I lost my email acocdunt last year...and can't log in. Then I almost lost again early part of the year, however I just went back to have it changed to a more secure one. This article has so much information for people like me to make email account secured. Thank you so m,uch.

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.