Thanks to powerful brute-force attack software readily available online, hackers can try tens of millions of possible password combinations per second. For example, hacking software can guess a five-character password in under three hours. If you only use lowercase letters, it takes 11.9 seconds. A weak 16-character password can be cracked in less than an hour.
Back in 2013, as part of an Ars Technica experiment, a team of hackers managed to crack more than 14,800 allegedly random encrypted passwords, a staggering 90% of a list of 16,449. I bet they could do it twice as fast today.
Granted, cracking hashes may not be that easy if the server is properly secured, and the hackers should not be able to access the database with all the hashes in the first place. Choosing a secure password by itself is not enough if your server is not protected properly. Talk to your IT support company to ensure that your email, workstations, and servers are fully protected and secure.
So, you think you have a strong password?
Through various internet sources, one can research the most commonly used passwords. Their position in the “Top X” list varies, but they have consistently popped up over the last 6 or more years.
If you think your password is much harder to crack, consider this: the crack success rate during the Ars Technica experiment averaged 71%, and the hacker who cracked 90% of the hashed passwords did so in less than an hour using a computer cluster. The hackers also managed to crack 16-character passwords including “DG091101%”, “Qbesancon321”, “qeadzcwrsfxv1331”, and “Philippians4:6-7”.
Is your password on the list? Check with a Password Meter »
3 rules to follow to stay off of the hacked passwords list
Remember, modern hackers have sophisticated password hacking software that can run non-stop. Minimize the risk of having easily hacked weak passwords:
- Use strong passwords: a combination of letters, numbers, special characters and mixed case. But take it a step further and do not just convert a word like password into such a combination, for example Pa$$w0rd. Anything that is in the dictionary, with any possible number-letter swap variation, can be hacked.
- Do not reuse passwords. When it is time to update the password, just do it. Regularly updating your existing password is a healthy IT security protocol to abide by.
- Do not use a single “master” password for every account you have. If one gets hacked, it is only a matter of time before the others do, too.
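The first rule above, shown as an added example that is not part of the original article: a password-policy check that undoes common number-letter swaps and looks for a dictionary word hidden in the result. The wordlist and swap table are small constructed samples (assumptions); a real check would load a full dictionary and a breached-password list.

```python
import itertools

# Constructed sample wordlist (assumption); replace with a full dictionary
# plus a breached-password list in a real signup or password-change check.
WORDLIST = {"password", "besancon", "philippians", "letmein", "dragon"}

# Common swaps mapped back to the letters they stand for. Some symbols are
# ambiguous ("1" can mean "i" or "l"), so a symbol may map to several letters.
SWAPS = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
    "7": "t", "$": "s", "@": "a", "!": "i",
}


def candidates(password, limit=4096):
    """Yield lowercase readings of the password with swaps undone.

    Each character contributes its possible letters plus itself, so the
    unswapped reading is covered too. `limit` caps the number of readings
    so a long string of digits cannot blow up the search.
    """
    options = [SWAPS.get(ch, "") + ch for ch in password.lower()]
    for combo in itertools.islice(itertools.product(*options), limit):
        yield "".join(combo)


def dictionary_base(password, wordlist=WORDLIST, min_len=4):
    """Return the longest wordlist entry hidden in the password, or None."""
    best = None
    for reading in candidates(password):
        for word in wordlist:
            # Substring match also catches padding such as "Q...321".
            if len(word) >= min_len and word in reading:
                if best is None or len(word) > len(best):
                    best = word
    return best


if __name__ == "__main__":
    # Passwords quoted in the article above.
    for pw in ["Pa$$w0rd", "Qbesancon321", "Philippians4:6-7",
               "qeadzcwrsfxv1331", "DG091101%"]:
        base = dictionary_base(pw)
        verdict = f"reject (built on '{base}')" if base else "no listed word found"
        print(f"{pw:20} {verdict}")
```

A result of `None` only means no listed word was found: `qeadzcwrsfxv1331` passes this check even though it was cracked in the experiment, so a dictionary check is one layer of a password policy, not proof of strength.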