How Secure is YOUR Password?

I found an interesting site to check the passwords one may use in their various websites, email, etc.

Go to: http://howsecureismypassword.net/ to check it. The website jokingly states: Created by smallhadroncollider

For what its worth, my password would take 5 days to hack. However, it I change one of the letters to an Upper-Case it would take 252 days!

Information

Here is some info from the FAQ section of the website.

Is This Safe?

It is actually. I'm not harvesting passwords into an evil database. Of course that's exactly the sort of thing I would say if I were harvesting them. And it wouldn't be hard to do it: a couple of lines of code and I'd have all your passwords. Mwuhahahahahaa! But, to be honest, I don't know what I'd do with them. Make a cake perhaps.

The bit of code that does the calculations is done in JavaScript. And JavaScript is a "client-side" language. That means it runs on your computer – not on ours. No data ever travels from your computer back to the website. You can check this by loading up the webpage and then turning off your internet connection. You'll still be able to use the website to your heart's content.

However, for the super-paranoid among you, you could just type in something a bit like your password rather than your actual password. In fact, that's probably a good idea anyway. Just in case I'm lying.


Is This Accurate?

It all depends on who's trying to hack your computer and how they're trying to do it. There are many different ways to try and crack a password and this site only does the calculation for one particular sort of hacking attempt: The Brute Force Attack.

To be honest, it's more likely that the first thing a hacker would try is a Dictionary Attack. This involves trying every word in the dictionary and can be done by a computer in a few seconds. So if your password is just a single word (like "scuttlebutt" or "indubitable") you're probably not very safe.

"Why doesn't the site do a quick check against a dictionary then?", I hear you ask. "Good question", I reply (in interpretative dance). Well, there are two ways I could do that. The first way would be to check the password you type against an online dictionary. But that would involve sending your password over the interwebs, which would be wonderfully insecure. The second way would be to include a full dictionary in the JavaScript file that the site runs on your computer. But that would slow down the site and make the hosting more expensive. So I just don't bother.

Moral of the story? Don't use words out of the dictionary for passwords.

How It Works
It's just a bit of simple maths: (number of possible characters to the power of length of the password) divided by calculations per second Length of the password is nice and easy to work out: it's just the number of characters in your password. For example 'cat' has 3 characters and 'monkey' has 12.
"Monkey has 12?", you ask.
"No it doesn't", I reply, "It's got 6. You should probably learn to count."

Calculations per second is a bit more of a figure. On the site it's set to 10,000,000, which is an approximate number of passwords a regular computer might be able to try every second. But it's going to depend on the computer as well as what the password is for. A lot of sites and programs won't let you try more than three passwords in the space of ten minutes, which would render a brute force attack pretty useless.

Number of possible characters is a bit more complicated. For alphanumeric characters it's easy enough: there are 26 possible lowercase characters; uppercase adds another 26; digits add another 10. It gets a bit more tricky after that: there are well over a million other symbols that a computer is capable of putting into a text field – e.g. ?, ß, Й, 葉, ☯. Not all sites and programs can accept these in password fields and different hacking tools will try different non-alphanumeric characters.

Currently this site will only check against the 13 most common symbols in English: ! @ # $ % ^ , & * ? _ ~ -

Any other symbols will be ignored. That's not ideal, but I've not thought of a better system yet.


Here's a site to go to for info on creating secure passwords: http://www.lockdown.co.uk/?pg=password_guide

While we are on the password subject, here is another intersting article

How to create a 'super password'

-- Say goodbye to those wimpy, eight-letter passwords.

The 12-character era of online security is upon us, according to a report published this week by the Georgia Institute of Technology.
The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours.
But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap.
"The length of your password in some cases can dictate the vulnerability," said Joshua Davis, a research scientist at the Georgia Tech Research Institute.
It's hard to say what will happen in the future, but for now, 12-character passwords should be the standard, said Richard Boyd, a senior research scientist who also worked on the project.
The researchers recommend 12-character passwords -- as opposed to those with 11 or, say, 13 characters -- because that number strikes a balance between "convenience and security."
They assumed a sophisticated hacker might be able to try 1 trillion password combinations per second. In that scenario, it takes 180 years to crack an 11-character password, but there's a big jump when you add just one more character -- 17,134 years.
Passwords have gotten longer over time, and security experts are already recommending that people use full sentences as passwords.
Here's one suggested password-sentence from Carnegie Mellon University:
"No, the capital of Wisconsin isn't Cheeseopolis!"
Or maybe something that's easier to remember, like this:
"I have two kids: Jack and Jill."
Even though advances in cheap computing power are making long, complicated passwords a necessity, not all websites will accommodate them, Boyd said.
It's best to use the longest and most complex password a site will allow, he said. For example, if a website will let you create a password with non-letter characters -- like "@y;}v%W$\5\" -- then you should do so.
There are only 26 letters in the English alphabet, but there are 95 letters and symbols on a standard keyboard. More characters means more permutations, and it soon becomes more difficult to for a computer to generate the correct password just by guessing.
Some websites allow for super-long passwords. The longest one Boyd has seen is at Fidelity.com, a financial site that lets users create 32-character passwords.
On a Microsoft website devoted to password security, the tech giant tells the password-creating public not to use real words or logical combinations of letters. That keeps you safer from a "dictionary attack," which uses a database of words and common character sequences to try to guess the code.
The Georgia Tech researchers carried out a "brute force" attack when they determined that passwords should be at least 12 characters long.
To do so, they deployed computer graphics cards, which are cheap and can be programmed to do basic computations very quickly.
The processors in those cards run simultaneously, trying to guess all of the possible password combinations. The more characters in a password, the more guesses are required.
But if your password has to be really long in order to keep up with this computational power -- and if you're supposed to have a new password for each website you frequent -- then how are you supposed to remember everything?
That's a real problem, the Georgia Tech researchers said.
There are a few solutions, however.
A website called Password Safe will store a list of passwords for you, but Boyd and Davis said it may still be possible for a hacker to obtain that list.
Other companies sell tokens that people carry around with them. These keychain-sized devices generate random numbers several times a minute, and users must enter those numbers and a shorter password to log in.
Some sites -- Facebook for example -- are marketing their log-ins and user names as a way to access sites all over the Web.
That's good for the user but is potentially dangerous because if hackers figure out a single password, they can access multiple banks of information, the researchers said.
The reason passwords have to keep getting longer is that computers and graphics cards are getting faster, the Georgia Tech researchers said.
"These things are really inexpensive -- just a few hundred dollars -- and they have a performance that's comparable to supercomputers of only just a few years ago," Boyd said of fast-processing graphics cards.
Maybe our brains will have to get bigger and faster, too. We'll need some way to remember these tome-like character strings.



Find this article at:
http://www.cnn.com/2010/TECH/innovat...rds/index.html

5 days all lowercase, OK lets start with aaaaaaaa.

How to make extremely secure passwords:

https://www.grc.com/passwords.htm

Told me my password would take a quintillion yrs to crack... That's NOT and invitation for all you uber geeks to try.. lol.

Now that is a load of mule muffins if I ever heard it! LOL!

Well I'm a very complex person so maybe my passwords are as well. ;-)

Um....

So I guess I'm safe huh........ ;-)

It would take
About a quadrillion years
for a desktop PC to crack your password


hmmm, do i have the time?