Not password, passphrase

For years, people have been told to use strong passwords, and that strong passwords have the following characteristics:

  1. Mixed Upper and Lower Case
  2. Special Characters

It goes without saying you should NEVER have a password that might relate to your name or the name of a family member.

But there is a website that will tell you exactly how STRONG (or weak) your password happens to be. The strength of a password is measured in entropy. The higher the entropy, the stronger the password.

So, using the above criteria, how strong are the following passwords?

| Password | Entropy | Comment | @1k guess per sec |
|---|---|---|---|
| He1nr1ch$ | 39.9 | Reasonable Strength. But it’s also my name. | 17 years |
| Fleaswtracenlant | 72.8 | Strong. But it’s also the name of my ‘A’ School in the Navy. | 149.7 BILLION years |
| Trump_8==> | 42.9 | Reasonable, and reflects a political opinion. | 140 years |
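The first two rows score well on entropy yet break the rule about names, which an entropy meter cannot know about. As an added example (not part of the original post), here is a local check that flags a password containing a personal term even when it is disguised with look-alike characters; the spelling "Heinrich", the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed table of common look-alike substitutions; not exhaustive.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def letters_only(text):
    """Lowercase the text and drop everything that is not a-z."""
    return re.sub(r"[^a-z]", "", text.lower())


def candidate_forms(password):
    """Return the readings of a password that a name check should inspect."""
    return {
        # Digits and symbols treated as padding around words.
        letters_only(password),
        # Digits and symbols treated as stand-ins for letters.
        letters_only(password.lower().translate(LEET)),
    }


def personal_matches(password, personal_terms, min_len=4):
    """List the personal terms that appear in any reading of the password.

    Terms shorter than min_len letters are skipped to avoid noisy matches.
    """
    forms = candidate_forms(password)
    hits = []
    for term in personal_terms:
        needle = letters_only(term)
        if len(needle) >= min_len and any(needle in form for form in forms):
            hits.append(term)
    return hits


# Assumed personal terms, taken from the comments in the table above.
PERSONAL_TERMS = ["Heinrich", "Fleaswtracenlant"]
# Sample passwords as they appear on this page.
SAMPLES = ["He1nr1ch$", "Fleaswtracenlant", "Trump_8==>",
           "Chicken Nuggets Tent Farts"]

if __name__ == "__main__":
    for pw in SAMPLES:
        hits = personal_matches(pw, PERSONAL_TERMS)
        print(f"{pw!r}: {'matches ' + ', '.join(hits) if hits else 'no personal term found'}")
```

The check only knows the terms it is given, so it belongs next to an entropy estimate rather than in place of one.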

Is there a better way? Yes. Use four words that only mean something to you.

Example. Chicken Nuggets Tent Farts

I went camping with a friend of mine. He ate an entire 20 pack of Chicken Nuggets. I slept outside for obvious reasons.

What is the entropy here? 116.4 bits, which is incredibly strong. At 1,000 guesses a SECOND, it would take 2,634,346,452,833,500,000,000,000 years to guess the password.

That’s 2.6 septillion years.

As a frame of reference, the Big Bang event occurred 14 billion years ago and the last dinosaurs died out 65 million years ago.

XKCD had a comic for this…

