nternet news sites have been going crazy over how vulnerable our passwords are, these days. Hackers are having a relatively easy time accessing databases of passwords by the millions.
The cool thing is that even if they have the password, it’s protected by something called a hash. Hashing basically means that the password you type is translated into a long and messy string of text (check out this explanation for more details) that can’t be read by the naked eye.
There’s a way around it, though: if a hacker has the hashed password, they can use brute-force guessing. Basically, a password cracker can guess the password, run it through the hash algorithm, and see if the result matches with the messy hash they stole. If it matches, they know they have the correct password.
Especially smart crackers make custom PCs specifically for this brute-force method. They stack together tons of GPUs (used for graphics processing, normally) and have them rapidly generate millions of guesses—millions—per second. Faster than a supercomputer could have done it, just ten years ago. They, in essence, start with guessing “aaaaaaaa” and seeing if that matches, then “aaaaaaab,” then “aaaaaaac” and so on, until they get a match.
Needless to say, the longer your password is, the better. So what’s the best way to make a very secure password?
If you ever go into IT work—administering computer networks and stuff—you’ll probably be required to have a ridiculously long password. Something like 30 characters. Oh, and it gets better. It has to have upper-case, lower-case, numbers, and symbols. And some people have trouble memorizing a 10-character password—that’s why they do something stupid like “password11.”
And, let’s be clear: that’s a stupid password. We don’t like throwing that word around, but right now we mean it.
But our intentions are pure: we want you safe. When you start having credit cards and online bank accounts, secure passwords are a huge deal. A huge deal. So start getting good habits now.
But we digress. The best way to make a secure password is not to make a password at all. Instead, you make a pass phrase. Observe:
I'm in LOVE with eating 12 donuts.
Notice that we have symbols, upper and lower-case text, and numbers. And it’s long.
Come up with a long pass phrase like this, and you won’t have to worry about being cracked, because longer passwords require exponentially more time to guess. Think of it like this. If you have a one-character password, there are something like 94 things your password could be (including everything on your keyboard). But if you have two characters, it’s 94*94. Our pass phrase is 34 characters. Do the math and tell us what 98^34 is. (hint: it’s big)
(That’s the last time you’ll ever see us blockquote a sentence about donuts, by the way)