How secure is your password? Who wins?!

[bradley]

I created some random passwords with RoboForm. Interesting results regarding character length and content.

Eight upper case
BKGYBDMD = about 13 minutes

Eight upper & lower case
lpyDSFjS = about 2 days

Eight upper & lower case + numbers
ZJ6HSat9 = about 10 days

Eight upper & lower case + numbers + odd characters
ch^1!dQX = about 46 days

Nine upper & lower case + numbers
0S51oZRi8 = about 1 year

Nine upper & lower case + numbers + odd characters
A6n#9DXs% = about 9 years

Ten upper & lower case + numbers + odd characters
DM*m^ybY1r = about 713 years

Twelve upper & lower case + numbers + odd characters
UkJw7fXDJZ%p = about 4 million years

Sixteen upper & lower case + numbers + odd characters
S#Ixg%A*s*0ZD5%h = about 127 trillion years

Twenty upper & lower case + numbers + odd characters
#DLUSga@dL99HZJMxyB* = about 4 sextillion years

Forty upper & lower case + numbers + odd characters
c5e^2mHSeVJ!8uTW5fIIbcBPuFwi6UD!*ncTh4d* = about 127 octodecillion years

One-hundred upper & lower case + numbers + odd characters
My3fA86kPnytJ*xTLDPVrfxKi^^Y0OIRqhAulU9GoDVy3bgcP6M!aJM3j9FQrBV88yhFx&qI77uwHa^fzW1oGIqQ&qd0Pej7#%JL = about 717 quattuorvigintillion years

 

[Powermoloch]

About 629 tredecillion years

 

[TwiceOver]

This probably doesn't include the account lockout that would happen after X amount of tries.

 

[destrekor]

People should list their lengths and complexity. When you're getting into the super large numbers it really requires an impractically long and/or complex passphrase.

This was something I never gave two shits about.
And then my gmail got compromised. And that password was one I used for just about everything.

Now I use a password manager and use it's password generator. All websites on which I have active accounts now have passwords of seemingly keyboard-mash randomness, all 10+ characters. Most use a combination of upper, lower, numbers, and special characters, all generated in random fashion by the software.

And I was actually able to make a very strong master password that I can actually remember (my fingers have it in muscle memory at this point - I've messed it up when typing on a virtual keyboard but only then). And no, I will not type it into that site - my master password is my precious.

 

[Mr. Pedantic]

All everyone is doing by putting real passwords into that website is building a better dictionary.

How does inserting pseudo-random sequences of numbers and letters into this make it better?

Starting from a list of known used passwords is more valuable than starting off with random nonsense. There are some that are used over and over again by people, dictionaries start there. The whole 1qaz2wsx!QAZ@WSX shit is tried well before any random keyboard pounding because someone out there does have to remember it. People have patterns, even collectively. You all are helping create and establish a pattern that people can use to exploit.

Except...most password generators give out random nonsense. And most people are putting in random nonsense (or for shits and giggles). Do you really think that any person would put mycatischasingherowntail as their password...for anything?

 

[bobdole369]

forums and silly webstuff - 4-10 days.
bank and root passwords - 6 billion years-10 trillion years

 

[amdhunter]

Instantly for my ATOT password.

 

[DrPizza]

Yeah im going to type my password into some random site. NOT.

You, and a bunch of others, have implied that you have ONE password. One password that you use for a large number of sites. Problem is, all it takes is for one site to be able to access your passwords and someone has your password for many sites. That's by far one of the easiest ways to "hack" into people's accounts. Simply create a fake, but interesting looking site that requires a password for some mundane reason. Bamm, passwords galore.

 

[Triumph]

0.000070304 seconds

I guess the is not a good password.

 

[Lifted]

It would take About 301 undecillion years for a desktop PC to crack your password


Is that a lot?

 

[lxskllr]

It would take About 301 undecillion years for a desktop PC to crack your password


Is that a lot?

Here's the hierarchy...

arrayOfPeriods['minute'] = 60;
arrayOfPeriods['hour'] = arrayOfPeriods['minute'] * 60;
arrayOfPeriods['day'] = arrayOfPeriods['hour'] * 24;
arrayOfPeriods['year'] = arrayOfPeriods['day'] * 365.25;
arrayOfPeriods['thousand years'] = 31556926 * Math.pow(10,3);
arrayOfPeriods['million years'] = 31556926 * Math.pow(10,6);
arrayOfPeriods['billion years'] = 31556926 * Math.pow(10,9);
arrayOfPeriods['trillion years'] = 31556926 * Math.pow(10,12);
arrayOfPeriods['quadrillion years'] = 31556926 * Math.pow(10,15);
arrayOfPeriods['quintillion years'] = 31556926 * Math.pow(10,18);
arrayOfPeriods['sextillion years'] = 31556926 * Math.pow(10,21);
arrayOfPeriods['septillion years'] = 31556926 * Math.pow(10,24);
arrayOfPeriods['octillion years'] = 31556926 * Math.pow(10,27);
arrayOfPeriods['nonillion years'] = 31556926 * Math.pow(10,30);
arrayOfPeriods['decillion years'] = 31556926 * Math.pow(10,33);
arrayOfPeriods['undecillion years'] = 31556926 * Math.pow(10,36);
arrayOfPeriods['duodecillion years'] = 31556926 * Math.pow(10,39);
arrayOfPeriods['tredecillion years'] = 31556926 * Math.pow(10,42);
arrayOfPeriods['quattuordecillion years'] = 31556926 * Math.pow(10,45);
arrayOfPeriods['quindecillion years'] = 31556926 * Math.pow(10,48);
arrayOfPeriods['sexdecillion years'] = 31556926 * Math.pow(10,51);
arrayOfPeriods['septendecillion years'] = 31556926 * Math.pow(10,54);
arrayOfPeriods['octodecillion years'] = 31556926 * Math.pow(10,57);
arrayOfPeriods['novemdecillion years'] = 31556926 * Math.pow(10,60);
arrayOfPeriods['vigintillion years'] = 31556926 * Math.pow(10,63);
arrayOfPeriods['unvigintillion years'] = 31556926 * Math.pow(10,66);
arrayOfPeriods['duovigintillion years'] = 31556926 * Math.pow(10,69);
arrayOfPeriods['tresvigintillion years'] = 31556926 * Math.pow(10,72);
arrayOfPeriods['quattuorvigintillion years'] = 31556926 * Math.pow(10,75);
arrayOfPeriods['quinquavigintillion years'] = 31556926 * Math.pow(10,78);
arrayOfPeriods['sesvigintillion years'] = 31556926 * Math.pow(10,81);
arrayOfPeriods['septemvigintillion years'] = 31556926 * Math.pow(10,84);
arrayOfPeriods['octovigintillion years'] = 31556926 * Math.pow(10,87);
arrayOfPeriods['novemvigintillion years'] = 31556926 * Math.pow(10,90);
arrayOfPeriods['trigintillion years'] = 31556926 * Math.pow(10,93);
arrayOfPeriods['untrigintillion years'] = 31556926 * Math.pow(10,96);
arrayOfPeriods['duotrigintillion years'] = 31556926 * Math.pow(10,99);
arrayOfPeriods['googol years'] = 31556926 * Math.pow(10,100);
arrayOfPeriods['trestrigintillion years'] = 31556926 * Math.pow(10,102);
arrayOfPeriods['quattuortrigintillion years'] = 31556926 * Math.pow(10,105);
arrayOfPeriods['quinquatrigintillion years'] = 31556926 * Math.pow(10,108);
arrayOfPeriods['sestrigintillion years'] = 31556926 * Math.pow(10,111);
arrayOfPeriods['septentrigintillion years'] = 31556926 * Math.pow(10,114);
arrayOfPeriods['octotrigintillion years'] = 31556926 * Math.pow(10,117);
arrayOfPeriods['noventrigintillion years'] = 31556926 * Math.pow(10,120);
arrayOfPeriods['quadragintillion years'] = 31556926 * Math.pow(10,123);
arrayOfPeriods['quinquagintillion years'] = 31556926 * Math.pow(10,153);
arrayOfPeriods['sexagintillion years'] = 31556926 * Math.pow(10,183);
arrayOfPeriods['septuagintillion years'] = 31556926 * Math.pow(10,213);
arrayOfPeriods['octogintillion years'] = 31556926 * Math.pow(10,243);
arrayOfPeriods['nonagintillion years'] = 31556926 * Math.pow(10,273);
arrayOfPeriods['centillion years'] = 31556926 * Math.pow(10,303);
arrayOfPeriods['uncentillion years'] = 31556926 * Math.pow(10,306);
arrayOfPeriods['duocentillion years'] = 31556926 * Math.pow(10,309);
arrayOfPeriods['trescentillion years'] = 31556926 * Math.pow(10,312);
arrayOfPeriods['decicentillion years'] = 31556926 * Math.pow(10,333);
arrayOfPeriods['undecicentillion years'] = 31556926 * Math.pow(10,336);
arrayOfPeriods['viginticentillion years'] = 31556926 * Math.pow(10,363);
arrayOfPeriods['unviginticentillion years'] = 31556926 * Math.pow(10,366);
arrayOfPeriods['trigintacentillion years'] = 31556926 * Math.pow(10,393);
arrayOfPeriods['quadragintacentillion years'] = 31556926 * Math.pow(10,423);
arrayOfPeriods['quinquagintacentillion years'] = 31556926 * Math.pow(10,453);
arrayOfPeriods['sexagintacentillion years'] = 31556926 * Math.pow(10,483);
arrayOfPeriods['septuagintacentillion years'] = 31556926 * Math.pow(10,513);
arrayOfPeriods['octogintacentillion years'] = 31556926 * Math.pow(10,543);
arrayOfPeriods['nonagintacentillion years'] = 31556926 * Math.pow(10,573);
arrayOfPeriods['ducentillion years'] = 31556926 * Math.pow(10,603);
arrayOfPeriods['trecentillion years'] = 31556926 * Math.pow(10,903);
arrayOfPeriods['quadringentillion years'] = 31556926 * Math.pow(10,1203);
arrayOfPeriods['quingentillion years'] = 31556926 * Math.pow(10,1503);
arrayOfPeriods['sescentillion years'] = 31556926 * Math.pow(10,1803);
arrayOfPeriods['septingentillion years'] = 31556926 * Math.pow(10,2103);
arrayOfPeriods['octingentillion years'] = 31556926 * Math.pow(10,2403);
arrayOfPeriods['nongentillion years'] = 31556926 * Math.pow(10,2703);
arrayOfPeriods['millinillion years'] = 31556926 * Math.pow(10,3003);

 

[ElFenix]

Do you really think that any person would put mycatischasingherowntail as their password...for anything?

 

[Ichinisan]

Are any of you fools still submitting your password to this site?

Anyway, my "usual" password has context-sensitive characters based on whatever I'm logging-in to. Even those characters are obfuscated so it's not obvious even if my password is compromised.

 

[Leros]

I think the worst password in the world is aardvark.

 

[HamburgerBoy]

Your password is one of the 500 most common passwords.

 

[guyver01]

It would take
About 7 septendecillion years
for a desktop PC to crack your password

password:
asasasasasasaasasasasasasasasasasasasasasasasasas

 

[manlymatt83]

Mine is pretty good:



http://howsecureismypassword.net/

Try to use your real password, not random crap just to get a good rating. :biggrin:

It would take

About a trillion years

for a desktop PC to crack your password

 

[HamburgerBoy]

millinillion

A hip hop artist needs to use this.

 

[DivideBYZero]

Are any of you fools still submitting your password to this site?

I have a clue I can sell you for $2.

 

[HamburgerBoy]

I have a clue I can sell you for $2.

Why are you so insistent in denying any possibility of funny-business on the part of this site? Are you a co-conspirator?

 

[Codewiz]

Why are you so insistent in denying any possibility of funny-business on the part of this site? Are you a co-conspirator?

Open the damn webpage source and look yourself. Unless I missed something critical, everything is client side javascript on that page. Therefore, would you mind explaining what "funny" business is going on.

If there is funny business, then they are exploiting a web browser vulnerability to capture the input.

Not likely.

 

[DisgruntledVirus]

72 virgins

 

[Lean L]

About 301 million years

 

[darkewaffle]

Open the damn webpage source and look yourself. Unless I missed something critical, everything is client side javascript on that page. Therefore, would you mind explaining what "funny" business is going on.

If there is funny business, then they are exploiting a web browser vulnerability to capture the input.

Not likely.

Bottom of the page links to facebook and twitter!

Your passwords are being posted to everyone's wall and tweeted!

 

[sonicdrummer20]

It would take

About 6 trillion years

for a desktop PC to crack your password