Earlier this week the Daily Mail published a story with the headline ‘How to create a password that will take a hacker 227 MILLION years to crack – and the UK’s top 10 can be deciphered in less than a second’. The list of vulnerable passwords offers no surprises, so how do you create an ‘uncrackable’ password?
The article suggests that you need to combine three unrelated words, giving the example ‘teabrownpicture’ which would apparently take 35,000 years to crack. However, by adding a number to the end such as ‘teabrownpicture2017’ it would take 227 million years to break (or 294 billion years if you believe How Secure Is My Password?).
I am not at all convinced by such headline-grabbing timescales, as password cracking is getting ever more sophisticated. What’s more, even the longest and most complex password is as vulnerable as the weakest if an organisation is exposed, or exposes itself, to a data breach. Furthermore, in practice this type of password is a challenge to administer from both a management and a user perspective, as you still need to remember a different password combination for every account you have. Finally, how many readers of this Daily Mail story will take it literally and make ‘teabrownpicture’ their default password for everything, meaning it goes from taking 35,000 years to crack to 3.5 seconds?
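As an added illustration (not code from the article or from Authlogics), the script below contrasts the character-by-character brute-force model behind such headline estimates with two models that reflect how passwords actually fall: an attacker who knows the ‘three common words plus digits’ pattern, and a plain lookup in a breached-password list. The guess rate, word-list size and breach set are constructed assumptions.

```python
import math

# Constructed parameters (assumptions, not figures from the article).
GUESSES_PER_SECOND = 1e10   # assumed offline cracking rate against a fast hash
COMMON_WORDS = 10_000       # assumed size of an attacker's everyday-word list
LOWER, UPPER, DIGIT, PUNCT = 26, 26, 10, 33  # 32 ASCII punctuation chars + space
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for a breach list; real ones hold hundreds of millions
# of entries, and a widely published example password soon joins them.
BREACHED = {"password", "123456", "qwerty", "teabrownpicture"}


def charset_size(password: str) -> int:
    """Alphabet a character-by-character brute force would have to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGIT
    if any(not c.isalnum() for c in password):
        size += PUNCT
    return size


def brute_force_years(password: str) -> float:
    """Naive 'strength meter' model: try every string of this length/charset."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def word_combo_years(words: int, suffix_digits: int = 0) -> float:
    """Model for an attacker who knows the 'N common words + digits' pattern."""
    keyspace = COMMON_WORDS ** words * DIGIT ** suffix_digits
    return keyspace / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def years_to_crack(password: str, words: int, suffix_digits: int = 0) -> float:
    """Defender's estimate: the weakest applicable model wins, and a password
    already present in a breach list is recovered immediately."""
    if password.lower() in BREACHED:
        return 0.0
    return min(brute_force_years(password), word_combo_years(words, suffix_digits))


if __name__ == "__main__":
    for pw, n, d in [("teabrownpicture", 3, 0), ("teabrownpicture2017", 3, 4)]:
        print(f"{pw}: brute-force {brute_force_years(pw):.3g} yrs, "
              f"realistic {years_to_crack(pw, n, d):.3g} yrs")
```

Under these assumptions the brute-force model gives ‘teabrownpicture2017’ over a trillion years, while the word-pattern model brings it down to a couple of weeks, and the plain three-word version is cracked instantly once it is in a breach list.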
If you still rely on passwords, having a policy in place to improve the standard of usage should certainly be an important part of your security strategy, but you should also be planning for a future where you are not reliant on such an antiquated login credential. For practical steps on migrating away from passwords, check out my previous blog, or get in touch with the Authlogics team today.