How long would it take for the Tianhe-2 supercomputer to crack it? 2 seconds, 3 minutes, 18 days? I hope yours was at least a week, but luckily most hackers and bots do not have supercomputers. So how does it rate against the Conficker botnet? Hopefully at least a day; that would give you barely enough time to change a few passwords if you knew you had been hacked.
I’ve told countless friends and family members over the last few years that I maintain dozens and dozens of strong passwords, and I could recite any of them on the spot (obviously I wouldn’t!). The usual reaction is “nuh uh”, or “what?! how?”. And I get it, passwords are not fun, so instinct tells most of us to just enter something quick and easy. I mean, it’s not like anybody wants to hack me, right? I’m broke! That is completely false: information is money nowadays, so anything is better than nothing. Heck, even “legitimate” big companies like Google, Target, or even your local grocery store are looking for ways to farm as much information about you as possible! Ever go to a store and they ask for your phone number?
Yeah, that’s completely unnecessary in my mind too.
But that’s just the tip of the iceberg, and drifting into another topic. So how do I create a strong yet easy-to-remember password? That’s the whole point here, right? Alright, I’ll tell you a method similar to what I’ve been using for years. Keep in mind that it isn’t the most secure, but all my passwords would take a proficient bot weeks if not years to hack. If I were to get hacked, I would have plenty of time to reset and shuffle them around.
It’s all about having a system, and sticking to it. Here’s an example:
A FaceBook password:
But wait a minute, aren’t regular words insecure? Yes, kind of; well, it depends on how you use them. If your password is password or ilovecake, then yes, a bot would crack it in less than 5 minutes. Okay, so why would it take a supercomputer ~3 months to crack
That’s it: you’ve got uppercase letters, symbols, numbers, and 21 characters. So what makes it easy to remember?
This drawing I did on a whiteboard should clear it up a little bit:
- F comes from Face, and people on FaceBook can be Ferocious
- B is for book, and I think you can guess where Bimbos comes from.
- The number 7102 is 2017 written backwards, the year you last changed your password.
- And the symbols are from a set you chose to stick with.
Basically, you pick a few letters associated with the service’s name, a number that’s related to the password or service, and a chosen set of symbols to put in between them.
Here are a few more examples, with unique systems in place (and their supercomputer crack time):
| Service | Password | Time to Crack |
| --- | --- | --- |
| Wells Fargo | | 5 hundred quadrillion years |
| Spotify | | 8 nonillion years |
| Steam | | 64 quindecillion years |
Unfortunately, Steam only allowed 30 characters last time I checked, but nevertheless that is a strong password that would be easy to remember. I am not going to explain the system behind each of these examples; I’ll leave that for you to ponder, either now, later, or never. But the main point is that each has a system that, if stuck to, will give you much stronger passwords than the average person’s.
Now, I do want to stress one point about this whole thing: this password system is not perfect. It could be improved in many ways if you’re feeling creative. Examples include:
- Use more symbols
- Reverse each word
- Letter / Symbol swap (E=3, but carefully selected!)
- Letter Count ( Ferocious%9Bimbos(6 )
- Letter Position
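The construction described above (service-linked words, a related number, a fixed symbol set) together with the reverse, letter-swap and letter-count variations from this list, written up in Python as an added example; this is my code, not the author's. The ordering number + word + symbol, the 100,000-word list size, the 32-symbol set, the 50-year range and the 10^12 guesses-per-second rate are assumptions made for the example. It also makes the caveat behind any crack-time figure explicit: the naive estimate treats every character as random, while an attacker who knows the construction only has to guess the words, the symbols and the number, so the real strength sits between the two numbers.

```python
import math

# Constructed example values (not the blog's actual passwords): two words that
# associate with the service name, a fixed pair of symbols, and a year.
WORDS = ["Ferocious", "Bimbos"]
SYMBOLS = "%("
YEAR = 2017


def reversed_year(year):
    """Write the year backwards, as the post does with 2017 -> 7102."""
    return str(year)[::-1]


def swap_letters(word, table=None):
    """Letter/symbol swap; the default table only applies the post's E=3 example."""
    table = table or {"e": "3", "E": "3"}
    return "".join(table.get(ch, ch) for ch in word)


def build_password(words, symbols, number, *, reverse_words=False,
                   letter_count=False, swap=False):
    """Assemble: number, then for each word its (possibly transformed) letters,
    its symbol from the chosen set, and optionally its letter count.

    The ordering is an assumption for this example; the post does not fix one.
    """
    parts = [number]
    for word, sym in zip(words, symbols):
        shown = swap_letters(word) if swap else word
        if reverse_words:
            shown = shown[::-1]
        parts.append(shown + sym)
        if letter_count:
            parts.append(str(len(word)))
    return "".join(parts)


def charset_size(password):
    """Alphabet a naive brute-force attacker would have to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 32  # printable ASCII punctuation
    return size


def naive_bits(password):
    """Search space in bits if every position were an independent random character."""
    return len(password) * math.log2(charset_size(password))


def pattern_bits(n_words, wordlist_size, n_symbols, symbol_set_size, number_choices):
    """Search space in bits for an attacker who knows the construction and only
    has to guess which words, which symbols and which number were used."""
    return (n_words * math.log2(wordlist_size)
            + n_symbols * math.log2(symbol_set_size)
            + math.log2(number_choices))


def expected_crack_seconds(bits, guesses_per_second):
    """Average time to hit the password: half the keyspace at the given guess rate."""
    return 2 ** bits / 2 / guesses_per_second


def years(seconds):
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e12  # assumed guess rate (guesses/s); illustrative, not a measured figure
    pw = build_password(WORDS, SYMBOLS, reversed_year(YEAR))
    print(pw, len(pw), "characters")
    nb = naive_bits(pw)
    # Assumptions for the pattern-aware estimate: 100,000-word list, 32 symbols, 50 plausible years.
    pb = pattern_bits(2, 100_000, 2, 32, 50)
    print(f"naive brute force : {nb:6.1f} bits -> {years(expected_crack_seconds(nb, rate)):.3g} years")
    print(f"known construction: {pb:6.1f} bits -> {expected_crack_seconds(pb, rate):.0f} seconds")
    for variation in ("reverse_words", "letter_count", "swap"):
        print(variation, "->", build_password(WORDS, SYMBOLS, reversed_year(YEAR), **{variation: True}))
```

The gap between the two estimates is the point: the reversed year and the fixed symbol set add little once an attacker models the scheme, so the variations above matter most when they break the pattern rather than decorate it.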
Of course, you could skip all this and use a service like LastPass, and only have 1 password to rule them all! I personally don’t use it, but it’s been highly recommended by other developers I know (who know a bit about encryption and security).
Don’t use Dummy123 as a password; instead use