How Long It Would Take To Hack A Password

Password strength has become more of a issue in recent years. While it has always been important to select secure passwords, advancements in processing power and distributed computing (for instance cloud computing) have made it more of a pressing matter. Passwords that may have taken weeks or years to crack in the past are now crackable in days or even hours. That’s a big security issue considering that many computer users are still selecting weak passwords as their account passwords.

Services that test a password strength can help users in evaluating their passwords. Will it take days, years or even longer to crack a selected password? That’s what How Secure Is My Password will tell you.

Just head over to the service’s website and enter a password in the form. You do not necessarily have to enter a password that you use actively. You can alternatively enter a comparable password to find out how long it would take to hack your password with a brute force, or maybe a combined dictionary and brute force attack.

Experienced computer users know that they need to pick passwords that contain upper and lower case letters, digits as well as special characters to make it secure. Length suggestions vary from 12 to 16 in most cases. The How Secure Is My Password service suggests to use passwords with a length of at least 16 characters.

The password checker can be an eye opener for users who are using weak passwords. You can try out the service here or check our How Secure Is A Password guide for suitable alternatives.

But the service is not only displaying the time it would approximately take to hack your password, it also displays information and tips that can help you select a more secure password. In addition, it compares the selected password against the list of the top 10k passwords used on the Internet.

The estimated time to hack a password is based on the processing power of a modern desktop PC. Depending on the infrastructure used, it may take considerable less time to hack a password.

---

© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: password, password strength, weak-passwords

What are the World’s Worst Passwords?

Passwords are important, very important in fact as they’re usually the only thing preventing criminals from stealing your personal and credit card information, and using your email account for sending spam (and having your account closed shortly afterwards as a result!)  In short it’s critical to have secure and unique passwords for everything these days.

Now SplashData have compiled the list of the top 25 most common passwords.  They have compiled the list by examining the password dumps that have been posted online by hackers.

The list, which unsurprisingly comes with the password “password” as the most common doesn’t come with any great surprises.  The most common threads running through these are that they are all very short and most are common dictionary words or proper names.  These are all things to be avoided when creating a new password.

You will notice though that the password “qazwsx” is in the list and why shouldn’t this be secure.  If you look at your keyboard you will see why, as password cracking software looks at common patterns that can be typed on your keyboard.

The list of the top 25 most common passwords is…

1. password

2. 123456

3. 12345678

4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passw0rd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football

It’s not actually difficult to create a strong password and I have put a posted I created below (click to view it full size) that you can print out and put on your wall in your home office or workplace.

A strong password should be absolute minimum of 8 characters in length, preferably a minimum of 10 characters and contain a mixture of numbers, symbols and upper and lower case letters.  You can use numbers and symbols to replace letters they are similar to, for example using an “&” instead of the letter “a” and using the number “1″ instead of an “i” or an “l”.

You can also mix things in a way that makes sense when remembering the code you have used to create the password.  For example, you could have a password made up of two words of different lengths, where the third letter of each word is capitalised and the fifth character in each word is replaced by a symbol.

Finally you can also, for added security, append to the end of the password, or preferably mix into it the first three letters (or a three or four letter identifier) for the website or service the password is for.  For example Amazon could mean the letters AMZ are mixed into your password.

By following these rules it’s very easy to create long, super-secure and above all memorable passwords that will help your data and financial information stay safe online.

There are also other things you can do keep your passwords safe.  One way is to use randomly generated passwords and password storage software on your PC (with it’s own secure password) to auto-fill these in on the websites you use.

Having a super-strong password is so important so I really urge you to tweet, blog and share this post and the poster as far and wide as possible so your friends, family and colleagues can see if their own passwords are in the list.

---

© Mike Halsey (MVP) for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: password

How to Secure Windows Phone with a Delayed Password

One of the problems with Windows Phone when the operating system was first released was that while you could secure your phone with a passcode it was either all or nothing.  This meant that you either had to type in a passcode every single time you wanted to do anything on your phone or it never asked you for a password at all.  I know this was of great concern to many people, including myself.  Fortunately with the latest version 7.5 update Microsoft have fixed this issue with the operating now able to turn the passcode on after a period of inactivity.

This is not a widely advertised feature though and there’s no information before, during or after you update your phone to even let you know it exists.  I thought, with my new found ability to get screenshots on my own Windows Phone, that I’d write a short tutorial here for you on how to use this very useful, if not essential, new feature.

1)     Firstly you want to open Settings from the main apps menu

2)     When in the main settings panel, open Lock + Wallpaper

3)     You should now turn on the Password feature for the operating system

4)     Windows Phone will now ask you to enter a passcode, this will always be a numeric value.

5)     When you’re returned to the main Lock + Wallpaper screen, scroll to the very bottom of the screen and tab Require a Password After

6)     You can now select how long a period of time will pass, of up to 30 minutes, before Windows Phone activates the passcode.  Personally I prefer 30 minutes as the others are perhaps a bit short.  With this set you can check your phone regularly without having to worry it will lock you out and require the passcode to be entered every time.  However you will know that if you lose your phone it is very likely that the passcode will automatically turn on to protect your contacts, emails and files.

7)     It’s always a good idea to check the settings have been accepted afterwards.  Here you can see it’s accepted my 30 minute delay on the lock.

I can’t recommend enough that you turn on a passcode for your Windows Phone (or iPhone or Android Phone or Symbian Phone etc.) as we’re all now carrying around increasingly large volumes of data with us.

For example, Windows Phone 7.5 now allows you to easily access any files and documents you may have stored in Microsoft’s SkyDrive cloud storage service.  On mine I have all manner of word processor and spreadsheet documents, some of which contain personal and sensitive information.  It’s extremely useful being able to access these files on the move, but critical to know they’re also secure all of the time.  Even if this feature had been in the previous version of Windows Phone, I never would have used it without a good, strong password on the handset.

It can be royally annoying though when a phone asks you to enter your password every single time you pick it up, especially when you’re only doing something simple such as checking your email or updating Facebook.  With this new feature activated you can rest assured that your phone and data will always be safe… well, after 30 minutes anyway.

---

© Mike Halsey (MVP) for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: 7.5, mango, passcode, password, windows phone

Windows Password Resetter, Restore or Reset A Windows Account Pass

When I worked for one of Germany’s biggest financial organizations back before I started blogging full time, I had to change my user account password on a regular basis. Even worse, they had set the password rules in a way that you could not just re-pick your old password. Heck, you could not even use a variant of your old password or other simple easy to remember passwords or strings.

That was a problem back then as you had to remember a new password several times a year. It happened more than once that a user who had changed the password the day before simply could not remember it. You had to walk to the IT department to get a temporary password which you then had to use to log in and change the account password once more.

While it is not possible to use password resetters in a corporate environment, you probably do not have the same restrictions on your home computer or in a small business network.

Windows users who are cautious may have created a Windows password reset disk in advanced which they can then use to reset the account password.

If you have not, you have still plenty of options to reset the pass. Before I look at tools for the job, I’d like to point out a few options that may or may not be available to you.

One of those options is to log in with an administrator account, or ask someone to do that, to reset the password. The admin needs to run the following command on a command line prompt:

Local Password Reset

net user user_name new_password

Replace user_name with the name of the user and new_password with the new user password for the account.

Remote Password Reset

net user user_name * /domain

This command can be used to change the account password of a remote user. Replace user_name with the name of the user and /domain with the domain. You are then prompted to enter the new password for that user.

Sometimes though you may not have another administrator account to log in and change the user password. Your best bet in this case is to use a so called password resetter to reset or restore the account password. Depending on the program, you will either be able to see your old Windows password or get a new password to log in with.

We did cover a few applications in the past for that job, including Trinity Rescue Kit which you can burn to disc, write to USB or run over a computer network. You can check out our review here: Reset Windows Passwords if you cannot login anymore

Another program is Ophcrack, which comes as an ISO image which you have to burn to CD. You then boot from the CD and use the program to recover the passwords. This happens more or less automatically, and very fast. Depending on your system and password length, it could take less than a minute to reveal the password.

Offline NT Password supports resetting the password on all versions of Windows from Windows NT all the way up to Windows 7. It is likely that the program will work with future versions of Windows as well as the developer continues to improve it regularly. The program is offered as a Password reset CD or USB bootdisk. Please note that the password resetter is not using a fancy interface, all is handled on the command line.

You basically need to mount the partition or hard drive your Windows operating system is stored on. You then need to supply the path to the Windows Registry directory and have then all options available to reset some or even all user account passwords on that machine. You can download the application from the official site. New users should check out the instructions which guide through the password resetting process.

A second option is the free program PC Login Now which can be used to remove the password from an account. This basically sets the password to empty so that Windows won’t ask for a password when the user logs in on the system the next time.

You can download the software from the developer website.

Have you used different methods to reset a Windows account password? Lets hear them in the comment section below.

---

© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: password, password reset, password reset disk, password resetter, windows password, windows password recovery