Version 1

    Sometimes it becomes a real pain and massive headache when you must remember 20 different passwords for important things every single day, and having the very same one password for more than one account is a dangerous thing to do and a not-so recommendable practice. As well, if you have the idea that it's very unsafe to write them down somewhere, whether digitally or non-digitally, you and I think pretty much alike.


    Nevertheless, it is something we must get used to somehow, and the methods we use to keep those passwords safe are not handy most of the times, right?

    Anyway! This post attempts to compile and remind you the best practices in keeping out passwords secure, and dealing in between the vast number of services we daily log into and log out of.


    Firstable, let's define what are the elements that make our password secure enough. Login(1)_large

    • length
    • avoidance of dictionary words
    • avoidance of relevant user information (first name, last name, birth date)
    • avoidance of common patterns
    • the combination of lower and uppercase letters, numbers and special characters.

    The mixture of different character types makes up what’s called the “keyspace”. The keyspace can be computed through the formula CN, C being the number of possible characters and N being the length of the password. To determine the keyspace of the “oh, so common” example, ‘password’, we would use the above formula CN. This example uses only lowercase letters which would bring the C in the formula to 26, i.e. the number of all possible lowercase letters [a-z]. The exponent N is simply the length of the password ‘password’ which in this case equals 8. For our example, the formula turns out to be 268 or roughly 208 billion.



    So this means that for an attacker to perform a brute force attack, like trying every single possibility in the keyspace, they would need to try roughly 208 billion possibilities. At first glance you may be thinking, “Oh, that sounds like a pretty secure number to me.” But in reality, it really isn’t.



    There are many advanced programs and techniques that are used to speed up the password cracking process including: GPU based cracking, rainbow table assisted cracking, cloud based cracking, and statistical pattern assisted cracking. Using GPU base cracking, a single AMD Radeon HD 7970 can reach speeds of up to 8.2 billion passwords per second. [1] If an attacker were to use the brute force method he or she would crack our example “password” in just less than 26 seconds.



    Following the above guideline for password strength is paramount to keeping your passwords secure against the multitude of password cracking attacks.


    There is a seemingly age old argument of passwords vs. passphrases. That is, use a long, easier to remember passphrase compared to a more compact, but difficult to remember password. An example of a passphrase can be the name of your favorite book, “So Long, and Thanks for All the Fish” which would have a keyspace of 8536 or roughly around 2 duovigintillion (I swear it’s a real thing). Whereas, an example of a password could be ‘xYaQxrz8!’, which would have a keyspace of 959 or roughly 630 quadrillion.


    Seems strong enough right? Hopefully you will still get those headaches once in a while but you're online services will be secured up. The technique I use to avoid headaches is writting keywords similar to my passwords or linking them with a personal experience...(I guess my memory isn't that bad after all). It can also help writing a big note with a random story that includes them...the matter here is to find a way to maintain them and keep thieves away.