Many of us remember the good old days, when all that was required to have a viable password was a catchy word or two that was 6-8 characters in length. But these days, password requirements are much different. With the number of people using the internet increasing, this means more user accounts being created than ever, which means more of our information is available for capture by hackers.
Even if it’s seemingly insignificant, any online account can contain information that a hacker deems to be valuable. If not your own information, then another whose information you have stored in an online account can be at risk. And so having a password that is as un-crackable as possible just makes sense.
Unfortunately, today’s password requirements are resulting in a lot of stress for some people. Today’s rules regarding passwords are to keep things complex. This means that most passwords these days not only have an up to 16 character requirement, but also need to contain letters as well as numbers in addition to upper and lower cases. With many computer experts urging users to create passwords they can easily remember, these new requirements are understandably causing some frustration.
More Frustration = More Security?
Two studies were conducted which looked at the construction and length of passwords. Two types of password construction were involved: long passwords with only characters, and complex passwords having the character/number/case combination. It was discovered that when password-cracking algorithms were applied to the former, they were more easily thwarted. So how good are complex passwords if they don’t frustrate the hacker, but frustrate everyone else?
Yes and No
Another school of thought suggests that complex passwords may be enough to protect computer users from being hacked. But it is a double-edged sword. Using a complex password definitely makes it impossible to guess. A hacker who tries to obtain passwords via random guesses will eventually be locked out of trying to access an account once their number of attempts has been reached. Once this occurs, the owner of the account is very likely to be notified of a suspicious login attempt.
Complex passwords are, however, no match for the hacker who already has administrative access to an account. If this is the case, then the individual is very likely to have access to some very powerful tools that will allow them to crack complex passwords, albeit at their leisure. All this requires is to save the system passwords and send them to a location that is closer to the hacker’s home, so to speak.
The Password Process
Prior to any password being stored, it is ‘hashed’, or undergoes an algorithm which transforms it. These days, the algorithm that is usually used is not easy for hackers to crack. The brute force attack is one way to crack a password, and involves using a computer to run several different combinations of the password until the right combination has been reached.
How long the brute force approach takes before revealing a password depends on a few factors. These factors include length of the password, which character set was used, and how many algorithms the computer can check per second.
Most modern computers will only take about two seconds to figure out the algorithm that was used to create a password. This means that as many as 500,000 or more passwords per second can be figured out.
The Question Remains
Many computer users are still asking why the long and easy to remember password approach seems to offer more security than the shorter, yet complex option. Experts opine that the reason longer passwords may be more resilient is due to the lack of quality guessing data available for long passwords. But this will change should the requirements change and everyone everywhere starts using long passwords as opposed to shorter and more complex ones.
Guest author Jesse Schwarz writes on a variety of topics related to technology, including website and internet security. He recommends http://www.internet-serviceproviders.com/, a resource dedicated to educating parents on internet safety for children and anti virus protection.