Monday, April 17, 2006
How strong is your password? Eye-opening article.
Does it seem like your company's IT department makes up password rules just to make life difficult?
Ever wonder how much difference all those irritating rules make in real life?
There's a fun web page with estimates of how long it would take to use brute force trial and error to guess different kinds of passwords. Don't take the exact numbers too seriously, and focus your attention on the columns labeled "Class D" and "Class E", which are the most likely for a real attacker.
Dictionary words are hopeless. A well equipped attacker can try a hundred million passwords per second and there are only a few hundred thousand words in the dictionary.
That page is part of a site which is a security resource for home users, not unlike The Security Mentor. It seems to be a bit more technical, so check it out if you want more depth than this newsletter but not as much as The Security Nerd.
|
Ever wonder how much difference all those irritating rules make in real life?
There's a fun web page with estimates of how long it would take to use brute force trial and error to guess different kinds of passwords. Don't take the exact numbers too seriously, and focus your attention on the columns labeled "Class D" and "Class E", which are the most likely for a real attacker.
Dictionary words are hopeless. A well equipped attacker can try a hundred million passwords per second and there are only a few hundred thousand words in the dictionary.
That page is part of a site which is a security resource for home users, not unlike The Security Mentor. It seems to be a bit more technical, so check it out if you want more depth than this newsletter but not as much as The Security Nerd.
# posted by Frederick @ 8:27 PM Email to a friend:
Haloscan: they provide trackback