If you thought your 20-character password was “strong enough”, we’ve got some bad news for you: the password-cracking software ocl-Hashcat-plus can make 8 billion guesses per second (that figure is for a fast, unsalted hash such as MD5 on commodity GPU hardware) and now accepts candidate passwords up to 55 characters long, so length alone no longer puts you out of reach. What’s worse? It already knows every word in the dictionary, the commonly used passwords from previous leaks, variations in spelling and capitalisation, and even quotes from your favorite book.
Most websites don’t actually store your password; instead they store a “hash”, a fixed-size value computed from the password that is cheap to calculate but practically impossible to reverse. At login the site hashes what you typed and compares it to the stored value. When a website is compromised, the stolen hashes are fed to automated password-cracking software such as ocl-Hashcat-plus, which hashes billions of candidate passwords and compares each result against the stolen list. This happens offline, on the attacker’s own hardware, so the site’s login rate limits never come into play, and if the hashes were stored without a per-user salt, every guess is checked against every account at once. Eight billion guesses per second might sound intimidating, but there are some ways you can fight back:
1) Change your passwords regularly, and immediately when a site you use is breached: a cracked hash is only useful while the password it reveals is still your current one.
2) Break out the dictionary or thesaurus: you’ll expand your vocabulary, and a less common word is further down an attacker’s wordlist than the everyday ones. Ebullience! Keep in mind that any single dictionary word, however rare, is still on that list, so use the unusual word as one part of a longer password rather than on its own.
3) Use unrelated words separated by a special character: the result is easier to remember than a random string, and Antarctic^Waffle is far less likely than CutePuppy! to appear in a list of common passwords or to be produced by a rule that simply glues two words together.
4) Consider using a mnemonic: take the first character of each word in a sentence you can remember, keeping the digits and symbols the words suggest. “Nine(9) planets aRe at(@) Colorado’s natural history Museum” becomes “9pR@CnhM”. Eight characters is still within reach of a brute-force search at these guess rates, so pick a longer sentence.
5) Unsurprisingly, the most common password is “password”, and runs of sequential numbers (123456 and the like) are a close second, so avoid both.
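To make the cracking process described above concrete, here is a small offline dictionary attack written as an added example; it is not code from the original post and has nothing to do with ocl-Hashcat-plus itself. The leaked hash table and the wordlist are constructed for the demo, unsalted SHA-256 stands in for whatever fast hash a careless site might store, and the `mangle` rules are a tiny imitation of a real cracker’s rule engine. It recovers “password” and CutePuppy!, misses Antarctic^Waffle and the mnemonic 9pR@CnhM, and then shows how long exhaustive search would take at the article’s 8 billion guesses per second for passwords of various lengths.

```python
import hashlib
import itertools

GUESSES_PER_SECOND = 8e9  # the ocl-Hashcat-plus figure quoted above (fast, unsalted hash)


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, standing in for whatever fast hash a careless site stored."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed "leak": usernames and the hashes a breached site might expose.
# Only the hashes would be in a real dump; the plaintexts appear here so the demo is self-contained.
LEAKED_HASHES = {
    "alice": sha256_hex("password"),          # the most common password (tip 5)
    "bob": sha256_hex("CutePuppy!"),          # two related words plus a symbol (tip 3)
    "carol": sha256_hex("Antarctic^Waffle"),  # two unrelated words, unusual separator (tip 3)
    "dave": sha256_hex("9pR@CnhM"),           # the mnemonic from tip 4
}

# Constructed wordlist. Real attacks use millions of dictionary words plus previously leaked passwords.
WORDLIST = ["password", "123456", "qwerty", "letmein", "cute", "puppy", "antarctic", "waffle"]


def mangle(word: str):
    """Yield rule-based variants of one word, in the spirit of a cracker's rule engine:
    the word as given, case changes, then common digit/symbol suffixes."""
    bases = {word, word.lower(), word.capitalize(), word.upper()}
    for base in sorted(bases):
        yield base
        for suffix in ("!", "1", "123", "2013"):
            yield base + suffix


def candidates(wordlist):
    """Every single-word variant, then every CamelCase two-word concatenation with the same rules."""
    for word in wordlist:
        yield from mangle(word)
    for first, second in itertools.permutations(wordlist, 2):
        yield from mangle(first.capitalize() + second.capitalize())


def crack(leaked: dict, wordlist) -> dict:
    """Offline attack: hash each candidate once and look it up against every stolen hash.
    Because the hashes are unsalted, one guess is checked against all accounts for free."""
    users_by_hash = {}
    for user, digest in leaked.items():
        users_by_hash.setdefault(digest, []).append(user)
    recovered = {}
    for guess in candidates(wordlist):
        for user in users_by_hash.get(sha256_hex(guess), []):
            recovered[user] = guess
    return recovered


def days_to_exhaust(charset_size: int, length: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every string of `length` characters drawn from `charset_size` symbols."""
    return charset_size ** length / rate / 86400


if __name__ == "__main__":
    found = crack(LEAKED_HASHES, WORDLIST)
    for user in LEAKED_HASHES:
        print(f"{user:6} -> {found.get(user, '(not recovered by the wordlist attack)')}")
    # What brute force costs for whatever the wordlist missed, at 8 billion guesses/second:
    for length in (8, 12, 16):
        print(f"{length}-char printable ASCII (95 symbols): {days_to_exhaust(95, length):,.1f} days")
```

Two things worth noticing when you run it. First, the lookup in `crack` is what makes unsalted hashes so cheap to attack: one hash computation is compared against the whole leak, so a million accounts cost no more than one. A per-user salt forces the attacker to hash each guess separately for each account, and a deliberately slow hash such as bcrypt or PBKDF2 cuts the guess rate by orders of magnitude on top of that. Second, the 8-character mnemonic survives the wordlist attack but falls to exhaustive search in about ten days at the quoted rate, while 12 characters from the same alphabet pushes that past a hundred million days; that gap is why a longer passphrase beats a cleverer short one.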