How Long Is Yours?

Brian of London here with one of his irregular Tech Talk features.

Just as the ladies have always known, length really does matter. Here’s a little Shana Tova New Year gift to readers of Israellycool: a little something to help you stay safe online with better password security. I’ve listened to the podcast Security Now faithfully for many years now and in the field of computer security the host, Steve Gibson, is one of the best.

This is a well put together explanation of his “Password Haystacks” thinking done by ABC News. It’s pitched firmly at the non-technical and it’s very good advice and worth reading and watching the video.

Here are two passwords. Try to figure out which one is harder for a hacker to crack.

  • First, one with a combination of letters and symbols: “%$#@(8ks98”
  • Another starts with the word “dog,” but with a capital “D,” the numeral zero for the “o,” and several periods after the “g”: “D0g………..”

Believe it or not, the second is more difficult, and here’s why.
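As an added illustration (not part of the original post or of ABC's explanation), here is the search-space arithmetic behind Gibson's Password Haystacks argument applied to the two passwords above: the alphabet an attacker has to cover is fixed by which character classes appear, and the number of candidates then grows with length. The class sizes (33 symbols including space) follow Gibson's calculator as I understand it, the guess rate is an illustrative figure, and the run of periods in the second password is constructed as eleven; the conclusion holds for any run of seven or more.

```python
import string

# Character classes and their sizes (assumed to match Gibson's Password
# Haystacks calculator: 33 printable ASCII symbols, space included).
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation + " "), 33),
}


def alphabet_size(password: str) -> int:
    """Alphabet an attacker must assume, given which classes are present."""
    return sum(n for chars, n in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password: str) -> int:
    """Candidates an exhaustive search covers up to this password's length:
    sum of alphabet**k for k = 1..len(password) (every shorter length too)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def time_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case seconds to enumerate the whole space at a given guess rate."""
    return search_space(password) / guesses_per_second


def harder(p1: str, p2: str) -> str:
    """Return whichever password has the larger brute-force search space."""
    return p1 if search_space(p1) > search_space(p2) else p2


if __name__ == "__main__":
    short_complex = "%$#@(8ks98"     # the post's first password
    long_simple = "D0g" + "." * 11   # constructed: "D0g" plus a run of periods
    rate = 1e11                      # illustrative offline guess rate, guesses/s
    for pw in (short_complex, long_simple):
        print(f"{pw!r}: alphabet={alphabet_size(pw)}, length={len(pw)}, "
              f"space={search_space(pw):.3e}, "
              f"exhaust at {rate:.0e}/s: {time_to_exhaust(pw, rate) / 86400:.2f} days")
    print("harder to brute-force:", repr(harder(short_complex, long_simple)))
```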

11 thoughts on “How Long Is Yours?”

  1. Mine was two Spanish words with numbers… and it got hacked.

    I now use a password generator to change my email password every month.

    1. There's much more to all of this, however: the video only talks about brute-force repetitive guessing of passwords. If you use unsecured WiFi in a public space, or have malware installed on your machine sending your passwords to Russia, then you have a whole load more problems.

      But, as we say here in Israel, para-para, cow-cow, fix things one after the next but make a start.

      1. Like BrianOfLondon, I cannot stress enough the importance of not using insecure connections to transmit login data and credentials. Every time you submit a password on a website without SSL encryption from a public hot spot, consider it unsafe. This also applies to smartphones and their apps!
        The best way to connect from insecure WLANs would be a VPN or SOCKS proxy.
        Another aspect is the possibility of calculating stolen password hashes with rainbow tables. Some hashes like MD5 were considered safe once, but they aren't. Rainbow tables tremendously shorten the time it takes to crack password hashes. Why does it matter? Consider this scenario: an unimportant site was hacked and the attackers stole the whole user database containing all hashed passwords. If you use one password for multiple logins and sites, then someone might be able to break into your account.

  2. I think a big problem is that a lot of places simply don't allow punctuation and don't differentiate between upper and lower case.

    I change my passwords about once a month; at work I often change it once every two weeks, and I keep them in an old-fashioned notebook of the paper kind, because no matter how good a computer hacker they are, they aren't hacking that.

    My biggest worry has always been security software; in my experience Norton and a number of others have been very poor at keeping up to date.
    Any other tips Brian?

    1. Don't use any operating systems or software that are inherently unsafe. Keep all system components up to date. This is extremely important on Windows.
      Also, on Windows never use the administrator account for everyday work. Don't install any unsigned software. Disable Flash and JavaScript in all browsers and only activate them for trusted websites. Then you might be a little safer.
      Your idea about writing down passwords on paper is hilarious. Never do that. By the way, in many companies there is a policy not to write down any credentials, as it compromises security.

      1. Use Mozilla with NoScript and, like you said, only allow sites you trust. I haven't gotten a virus or spyware since I first installed NoScript.

  3. It just occurred to me that anyone testing their password on that guy's website is actually transmitting their password in the clear.

    Just Saying 😀

    1. The password is not sent to GRC. That page runs JavaScript on your machine and the calculation is done by your browser. If you want to, you can use any page on his site under https.

  4. I use a rough threat assessment to determine how complex a password should be. Email, bank, eBay, PayPal, Facebook all have more complicated and in-depth passwords. Game sites I don't care about get simpler passwords.

    Really, if you're worried, just make a long, complex password, A1p2P3l4E5s6A7u8C9e, and write it down on a piece of paper. The risk of that paper being stolen is much lower than the risk of an easy password being cracked. You can always list a bunch of passwords on a paper with no identifiers and no one will have a clue. And if you use the sites enough, you'll end up memorizing them.
