The recent LinkedIn breach of user passwords has taught every internet user a lesson yet again. Despite constant reminders about the importance of password strength, many people still do not take the issue seriously enough. Perhaps it is a case of ‘No Pain, No Learn’. Hopefully you will take remedial action after reading this post if you feel your password is in any way vulnerable.
So this is what happened to LinkedIn recently: 6.46 million passwords were stolen and posted on a Russian hacker forum, and 165k of the hashes have already been cracked. Although no associated email addresses were revealed in the leak, do you really think it would be hard for the hacker to obtain them?
Still not persuaded to rebuild your personal internet passwords? Consider this study by Errata Security, which shows how fast a hacker can crack your password:
The answer is “2 billion per second” using the Radeon HD 7970 (the latest top-of-the-line graphics processor). Each letter of a password has 100 combinations (UPPER, lower, d1g1ts, $ymbols). A 5 letter password therefore has 100 x 100 x 100 x 100 x 100 or 10 billion combinations, meaning it can be cracked in 5 seconds. A 6 letter password has 100 times that, or 500 seconds. A 7 letter password has 100 times that, or 50,000 seconds, or 13 hours. An 8 character password is roughly 57 days. A 9 character password is 100 times that, about 15 years. In other words, if your password was 7 letters, the hacker has already cracked it, but if it’s 9 letters, it’s too difficult to crack with brute force.
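The arithmetic behind those figures, as an added example (not code from this post or from Errata Security). It assumes the post's 100-symbol alphabet and 2 billion guesses per second, reports the worst case of exhausting the whole keyspace, and also runs the same lengths against a 26-letter lowercase alphabet to show how much a smaller character set shrinks the search:

```python
# Worked example of the brute-force estimate quoted above (added here; not
# from the original post). Assumptions: every character is drawn from an
# alphabet of 100 symbols and the attacker tests 2 billion guesses per second.

GUESSES_PER_SECOND = 2_000_000_000   # Radeon HD 7970 figure quoted in the post
ALPHABET_SIZE = 100                  # upper, lower, digits, symbols per character


def keyspace(length: int, alphabet_size: int = ALPHABET_SIZE) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_seconds(length: int, alphabet_size: int = ALPHABET_SIZE,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Seconds to exhaust the whole keyspace at `rate` guesses per second."""
    return keyspace(length, alphabet_size) / rate


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that fits, e.g. '13.9 hours'."""
    units = [("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def crack_time_table(lengths=range(5, 10), alphabet_size: int = ALPHABET_SIZE):
    """Map password length -> worst-case seconds; reproduces the post's figures."""
    return {n: worst_case_seconds(n, alphabet_size) for n in lengths}


if __name__ == "__main__":
    # Full 100-symbol alphabet: the numbers the post quotes.
    for n, secs in crack_time_table().items():
        print(f"{n} chars, 100-symbol alphabet: {human_duration(secs)}")
    # Same lengths with lowercase letters only (26 symbols): the search
    # collapses from years to seconds.
    for n, secs in crack_time_table(alphabet_size=26).items():
        print(f"{n} chars, lowercase only:      {human_duration(secs)}")
```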
Clearly, password length carries considerable weight for security. There are also many other ways to improve password strength effectively, and we strongly recommend reading our previous post, ‘How to improve your password strength?’. That post also covers other examples of bad passwords and how to check your password strength.
Most importantly, never use any password that security experts have flagged as most vulnerable or that appears in the infographic below. Bad passwords are part of the hacking recipe; using one is no different from giving up your account before the attack even starts.
Image Courtesy of Rapid7