Hacker offers password protection tips

Your password is weak, WEAK I tell you! Well, actually, we’re not the ones telling you, John P of One Man’s Blog and the CEO of iFusion Labs is.

John P reckons it would be easy peasy to hack around 20 per cent of people’s passwords, simply by using the following top 10 list:

  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”

But even if you’re not dummy enough to use one of the above, John P believes he could still get his grubby paws on your password-protected data, because you’re probably still not careful enough with your password selection.

While hackers can easily carry out a Brute Force Attack to crack your not-so-cryptic passcode, you could apparently greatly reduce the risks simply by choosing a longer and more secure password. Yes, seriously. It’s that easy.

Basic common sense, says John P, means you shouldn’t be using the same password for all your logins, for a start. Why? Because it’s like putting all your eggs in one basket.

A hacker gets hold of one and he has access to everything. Also, while your bank website may have extra security measures to protect against brute force hacking attempts, other sites you use the same password for probably don’t.

“So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible,” writes John P.

But you could thwart John P and his fellow minions of darkness by simply making your password that little bit longer. How much longer? Well, Mr. P was kind enough to draw up the following table:

| Password Length | All Characters | Only Lowercase |
|---|---|---|
| 3 characters | 0.86 seconds | 0.02 seconds |
| 4 characters | 1.36 minutes | .046 seconds |
| 5 characters | 2.15 hours | 11.9 seconds |
| 6 characters | 8.51 days | 5.15 minutes |
| 7 characters | 2.21 years | 2.23 hours |
| 8 characters | 2.10 centuries | 2.42 days |
| 9 characters | 20 millennia | 2.07 months |
| 10 characters | 1,899 millennia | 4.48 years |
| 11 characters | 180,365 millennia | 1.16 centuries |
| 12 characters | 17,184,705 millennia | 3.03 millennia |
| 13 characters | 1,627,797,068 millennia | 78.7 millennia |
| 14 characters | 154,640,721,434 millennia | 2,046 millennia |

Even the seemingly minute difference of mixing up upper and lower case letters makes the world of difference, according to J.P, and “adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.” Blimey.
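The arithmetic behind the table, combined with a check against the top-10 list, as an added example that is not John P's code. It assumes a guess rate of 1,000,000 per second, a 365-day year and a 95-character "all characters" set, all inferred from the table's figures; `personal_terms` is a hypothetical input holding the names, places and dates a user should avoid.

```python
import string

GUESSES_PER_SECOND = 1_000_000   # assumption: rate implied by the table's figures
YEAR = 365 * 86400               # assumption: 365-day year, which fits the table
UNITS = [("millennia", 1000 * YEAR), ("centuries", 100 * YEAR), ("years", YEAR),
         ("months", YEAR / 12), ("days", 86400), ("hours", 3600), ("minutes", 60)]
# Fixed strings taken from the top-10 list above
COMMON = {"123", "1234", "123456", "password", "god", "letmein", "money", "love"}


def exhaust_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of exactly this length."""
    return alphabet ** length / rate


def humanize(seconds):
    """Render seconds in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2f} seconds"


def audit(password, personal_terms=()):
    """Return (verdict, estimate) for a candidate password.

    personal_terms (hypothetical): names, city, team, birth dates, SSN digits.
    """
    lowered = password.lower()
    stem = lowered.rstrip("01")          # "name followed by a 0 or 1"
    weak = COMMON | {t.lower() for t in personal_terms}
    if lowered in weak or stem in weak:
        return "guessable", "no brute force needed"
    # Two-column model of the table: 26 lowercase letters, else 95 printable ASCII
    lowercase_only = all(c in string.ascii_lowercase for c in password)
    alphabet = 26 if lowercase_only else 95
    return "brute-force only", humanize(exhaust_seconds(len(password), alphabet))


if __name__ == "__main__":
    for pw in ["letmein", "Rex1", "qwhzmvtk", "Qwhzmvt*"]:   # constructed samples
        print(pw, audit(pw, personal_terms=["Rex", "1984"]))
```

The guess rate is a parameter of `exhaust_seconds`, so the same function shows how every estimate shrinks in proportion when the attacker's rate is higher than the one assumed here.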

Signing off with some useful tips, John P reminds password paranoids out there to diversify their passwords, use different ones for different websites, substitute some letters for numbers and, for those with shoddy memory, use Roboform to store all of their passwords in an encrypted format.

There now, aren’t you feeling more secure already? You’re welcome.