How secure is your password?

**Scott Shepherd** · 07-05-2014, 11:59 AM

Saw this link a while back, and it's got me split because in one way I think it's great info, on the other hand, it could be a bad thing.

It checks your password and tells you how safe it is. However, there's a note on the site that says "We could be stealing your password, but we're not, be careful where you enter your password".

Well, if you were stealing my password, do you think you'd say "I'm stealing your password?". Granted, having any password and not having any login information for anything at all is pointless, but it's still interesting to think how easy it would be to get people put it in their passwords.

I'd recommend if you're paranoid, don't type your password, but type something close. If your password is "William564", put in something similar instead. You'll get the same results.

I was a bit shocked to see how much can be cracked "instantly", but also quite happy to see my combinations run into the 100's of days to crack with a normal PC trying to crack it.

https://howsecureismypassword.net

**Alan Gan** · 07-05-2014, 12:10 PM

It is always best to use a combination of Letters both capitols and not, numbers and special symbols, even though I have been to some sites that do not allow symbols (how dumb is that). You can be pretty safe as long as the password is long enough and does not spell anything. Password crackers 1st look for common words. For some reason I think you already know all this.

**Mike Cutler** · 07-05-2014, 12:26 PM

My strongest password would take 58 years according to them. My weakest is about 10 seconds.

**Tony Joyce** · 07-05-2014, 1:24 PM

Interesting site. I used my typical password generator using 20 characters and got this reply "It would take a desktop PC about 5 quintillion years to crack your password"

Sweet, I feel pretty confident about that. Using 30 characters, I get "It would take a desktop PC about 4 undecillion years to crack your password"

Tony

**Art Mann** · 07-05-2014, 2:16 PM

Accounts that people would really want to keep secure - bank account access for example - will only allow three tries and then you are locked out until you get the password reset by some secure method. The probability that some thief would guess even 6 random letters that are known to be all caps with no numbers or special characters in three tries is approximately zero. The problem I see in password security is using the same combination of characters on multiple accounts. One should never do that. If the person who maintains this forum were to decide to fake the website and grab our passwords when we attempt to log in, he could probably gain access to hundreds of accounts just because so many people use only one password for everything.

**Michael Weber** · 07-05-2014, 2:50 PM

lol mine was 26 THOUSAND years. Edited to say I went back and it actually looks like it might be an ad for Roboform or a way to drive customers to their website.

**Tom Fischer** · 07-13-2014, 2:38 PM

Originally Posted by Art Mann

Accounts that people would really want to keep secure - bank account access for example - will only allow three tries and then you are locked out until you get the password reset by some secure method.

That's correct. And locked means locked to everybody, including the security engineers at the bank/brokerage, plus any and all hackers. The only way to unlock is usually to answer the "Memorable Questions" (e.g. "First name of your best man" ,etc.). So... don't ever store your memorable answers on your computer.

Financial transactions are very secure. Whenever you read about lists of passwords being stolen, that is from "flat files" (which Sawmillcreek.org probably uses), not encrypted security applications, like Siteminder, which all bank/brokerages use. At the latter, there are NO employees who have access to your password.

Disclaimer: worked at HSBC.com secure portal for 5 years.

**Phil Thien** · 07-13-2014, 4:17 PM

Originally Posted by Tom Fischer

And locked means locked to everybody, including the security engineers at the bank/brokerage, plus any and all hackers.

There is always someone that can get in.

Always.

**Scott Shepherd** · 08-05-2014, 10:10 PM

Oh well, forget everything discussed.....

http://www.nytimes.com/2014/08/06/te...ials.html?_r=0

**Dan Hintz** · 07-05-2014, 3:26 PM

I wouldn't hold too much of a candle to how they're determining the strength. It makes some assumptions about passwords that are not necessarily valid.

**Bruce Page** · 07-05-2014, 5:20 PM

"It would take a desktop PC about 465 million years to crack your password"

Great, now I just have to remember it.

**Alan Gan** · 07-06-2014, 12:52 AM

You all really went to the site, I'll just have to guess what it would have told me. Better change your passwords now. Lol

**Dan Hintz** · 07-06-2014, 8:57 AM

Originally Posted by Alan Gan

You all really went to the site, I'll just have to guess what it would have told me. Better change your passwords now. Lol

Why? It has no concept of who I am other than my IP, nor does it know what possible accounts said passwords are attached to.

Paranoia is only useful when there's logic behind it...

**Curt Harms** · 07-06-2014, 9:38 AM

Something that would help with password security is for sites where security matters - where financial and sensitive personal information reside - would be to not limit passwords to 8 or 12 characters. Something like fragments of 3 or 4 sentences is easier to remember than 10 or 15 random characters. Here is a similar site but gives strength when attacked with parallel GPUs or medium sized botnets. It also has a dictionary checker.

http://password-checker.online-domain-tools.com/

Here is the result of a password sort of relevant to a woodworking site:

Li3-Nielsen52+Ver1tas=WWBlis$

pw1.png

**Charlie Velasquez** · 07-06-2014, 11:21 AM

Originally Posted by Curt Harms

.... Something like fragments of 3 or 4 sentences is easier to remember than 10 or 15 random characters.

This.
For sites like Sawmill I have a one word password, sometimes with a number thrown in. For email, Amazon, insurance companies, financial institutions, I have a sentence related to that institution with special characters/numbers inserted in appropriate places. Even with a 12 character limit, something simple like "Iliv3@Iowa52" . Following capitalization rules-helps to remember; substituting 3's for all e's; finishing up the 12 character max with the numbers from my zip code, is easy to remember and gives a time of 344,000 years according to the first web site and 77% on the 2nd, which seems to be the best you can do with a 12 character limit.

My online banking is a twenty character sentence AND I opted to have the bank text me to send a 1-time use access code anytime I try to log in from an unfamiliar machine.

Thread: How secure is your password?

Thread Tools

Rate This Thread

Display

Hybrid View

How secure is your password?

Posting Permissions