For years, people have been urged to use strong passwords and told that strong passwords have the following characteristics:
- Mixed Upper and Lower Case
- Special Characters
It goes without saying you should NEVER have a password that might relate to your name or the name of a family member.
But there is a website that will tell you exactly how STRONG (or weak) your password happens to be. The strength of a password is measured in entropy. The higher the entropy, the stronger the password.
http://rumkin.com/tools/password/passchk.php
So, using the above criteria, how strong are the following passwords?
Password | Entropy (bits) | Comment | Time to guess @ 1k guesses per sec |
---|---|---|---|
He1nr1ch$ | 39.9 | Reasonable Strength. But it’s also my name. | 17 years |
Fleaswtracenlant | 72.8 | Strong. But it’s also the name of my ‘A’ School in the Navy. | 149.7 BILLION years |
Trump_8==> | 42.9 | Reasonable, and reflects a political opinion. | 140 years |
Is there a better way? Yes. Use four words that only mean something to you.
Example: Chicken Nuggets Tent Farts
I went camping with a friend of mine. He ate an entire 20 pack of Chicken Nuggets. I slept outside for obvious reasons.
What is the entropy here? 116.4 bits, which is incredibly strong. At 1,000 guesses a SECOND, it would take 2,634,346,452,833,500,000,000,000 years to guess the password.
That’s 2.6 septillion years.
As a frame of reference, the Big Bang event occurred 14 billion years ago and the last dinosaurs died out 65 million years ago.
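The sketch below is an added example, not part of the original post. It picks four words with a cryptographically secure random generator, computes the passphrase's entropy for an attacker who knows the word list and guesses whole words, and converts bits into years at 1,000 guesses per second. The times quoted above are consistent with 2^(whole bits) guesses and a 365-day year, which `years_to_exhaust` reproduces. The function names and the 16-word sample list are assumptions made for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365 * 24 * 60 * 60  # 365-day year

# Constructed sample list, far too small for real use. A real list should
# hold thousands of words (the EFF long word list has 7,776).
SAMPLE_WORDS = [
    "chicken", "nuggets", "tent", "camping", "river", "lantern", "gravel",
    "pickle", "orbit", "walnut", "harbor", "cactus", "saddle", "velvet",
    "thimble", "comet",
]


def generate_passphrase(words, count=4):
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return [secrets.choice(words) for _ in range(count)]


def passphrase_entropy_bits(list_size, count=4):
    """Entropy in bits when the attacker knows the list and the word count."""
    if list_size < 2 or count < 1:
        raise ValueError("need at least 2 words in the list and 1 word chosen")
    return count * math.log2(list_size)


def years_to_exhaust(entropy_bits, guesses_per_second=1000):
    """Years needed to try all 2**entropy_bits candidates at the given rate."""
    return 2 ** entropy_bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print("sample passphrase:", " ".join(phrase))
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        bits = passphrase_entropy_bits(size)
        print(f"{size:>5}-word list: {bits:5.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years at 1k guesses/sec")
```

Because the words are drawn at random, the entropy depends only on the size of the list and the number of words, not on which words come up.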
XKCD had a comic for this…