Tuesday, 8 January 2013

Can I hack your password in 10 minutes?



2011 saw some of the worst passwords ever recorded! In a previous post, we found that the five worst passwords of that year were:
  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
‘password’ is the number one password?

The report was made by SplashData, which gathered data from the millions of stolen passwords posted online by hackers in 2011.

But a new year has passed. With MI5 battling "astonishing" levels of cyber-attacks on UK industry, and Symantec stating in their 2011 report that they recorded thousands of hacking events every second, we have surely learnt from our mistakes, right?

According to the list below, we’re still as lazy as it gets. In the 2012 report released by SplashData, ‘password’ is still the most popular password…

Here's the full list with comparison to 2011:

1.    password (Unchanged)
2.    123456 (Unchanged)
3.    12345678 (Unchanged)
4.    abc123 (Up 1)
5.    qwerty (Down 1)
6.    monkey (Unchanged)
7.    letmein (Up 1)
8.    dragon (Up 2)
9.    111111 (Up 3)
10.   baseball (Up 1)
11.   iloveyou (Up 2)
12.   trustno1 (Down 3)
13.   1234567 (Down 6)
14.   sunshine (Up 1)
15.   master (Down 1)
16.   123123 (Up 4)
17.   welcome (New)
18.   shadow (Up 1)
19.   ashley (Down 3)
20.   football (Up 5)
21.   jesus (New)
22.   michael (Up 2)
23.   ninja (New)
24.   mustang (New)
25.   password1 (New)

Source: Gizmodo - The 25 most popular passwords of 2012


But are we really that lazy? No, and here’s why


As mentioned, this data is gathered from millions of stolen passwords posted online by hackers.

There’s a reason ‘123456’ is on this list!

Many hackers use tools that guess your password automatically, and depending on its length and the characters it contains, it can take the tool anywhere from 10 minutes to (in my case) 44,530 years to get it!


How to make hackers wait 44,530 years to get your password


Simply make your password 9 characters long and add a symbol and a number. Below you can see how long it takes to hack your current password.

Length: 6 characters
Lowercase: 10 minutes
+ Uppercase: 10 hours
+ Nos. & Symbols: 18 days

Length: 7 characters
Lowercase: 4 hours
+ Uppercase: 23 days
+ Nos. & Symbols: 4 years

Length: 8 characters
Lowercase: 4 days
+ Uppercase: 3 years
+ Nos. & Symbols: 463 years

Length: 9 characters
Lowercase: 4 months
+ Uppercase: 178 years
+ Nos. & Symbols: 44,530 years


As you can see, it’s obvious why the simple passwords are on the list. It only takes 10 minutes for hackers to get any of them. Hackers aren’t going to wait more than two days to get your ‘real’ password. So relax, the world is not as lazy as it seems… unless, for reasons you won’t discuss, you are concerned to see "monkey" so close to the top.
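The table above follows from simple keyspace arithmetic: alphabet size raised to the password length, divided by guessing speed. The sketch below is an added example, not code from the original post; it assumes a guessing speed calibrated from the table's first cell (6 lowercase letters in 10 minutes) and a 94-character printable alphabet, since the post states neither, so the last column matches only in order of magnitude.

```python
import string

# First ten entries of the 2012 list quoted above; wordlist guesses come first.
COMMON = {"password", "123456", "12345678", "abc123", "qwerty",
          "monkey", "letmein", "dragon", "111111", "baseball"}

# Assumption: guessing speed calibrated from the table's first cell
# (all 26**6 six-letter lowercase strings tried in 10 minutes).
CAL_KEYSPACE, CAL_SECONDS = 26 ** 6, 600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (spaces, non-ASCII) count once each.
    return size + len({ch for ch in password if not any(ch in c for c in CLASSES)})

def worst_case_seconds(password):
    """Seconds to try every candidate; 0 when a common-password list hits first."""
    if password.lower() in COMMON:
        return 0.0
    keyspace = alphabet_size(password) ** len(password)
    return keyspace * CAL_SECONDS / CAL_KEYSPACE

def humanize(seconds):
    """Truncate to the largest whole unit, as the table above does."""
    units = (("years", 365 * 86400), ("months", 30 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{int(seconds // size):,} {name}"
    return "under a minute"

if __name__ == "__main__":
    # Constructed sample passwords, one per interesting case.
    for pw in ("monkey", "abcdef", "Abcdefg", "abcdefghi", "Tr0ub&dor"):
        print(f"{pw!r:12} alphabet={alphabet_size(pw):3} "
              f"{humanize(worst_case_seconds(pw))}")
```

These are worst-case figures for exhaustive search only; a password that appears on a common-password list falls immediately regardless of its length or character mix.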

Will 2013 bring a more creative list of passwords? Let us know in the comment section below.

Let's at least hope 'password' won't still be at the top.

About the Author:
Julian writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.