EgidiusPfanzelter about 9 hours ago
Just add the current date. Have done that for years.
The Reader Premium Member about 8 hours ago
If you have already used 1234, and 5678, try 9101112.
NeedaChuckle Premium Member about 6 hours ago
Used to start with “aaaaaa” and end the year with “zzzzzz”. Had to change every two weeks. The next year had to start with “aaaaaaa” so as not to repeat “aaaaaa”.
sandpiper about 4 hours ago
Does seem to get tiresome for a lot of folks. Wouldn’t want to be mixed up in that.
gammaguy about 4 hours ago
Luckily, I’ve never had an employer that required such password changes. Makes much more sense to not allow massively repeated “log in” attempts, so that the theoretical success of making random guesses would normally take centuries to succeed.
Zen-of-Zinfandel about 3 hours ago
LetMeIn@2024
dflak about 2 hours ago
My nephew says that his password is the last six digits of Pi.
dflak about 2 hours ago
One of the ways hackers crack passwords is by getting a hold of a compromised database.
User names are “in the clear” but the passwords are encrypted. The encryption process is like making sausage. It’s a one-way street. You can’t force sausage backwards through a meat grinder and get a pig back on the other side.
So hackers have to guess what the password is and then use the same encryption process as the bank or company and see if it comes out as a match. So they try all possible combinations of 6 characters, 7 characters, etc., all the way up to 20 characters (since some companies put this limit on the number of characters a password can be).
There are about 72 characters that can be generated from a keyboard without going into CTRL and ALT characters.
So there are 139,314,069,504 combinations for a 6-character password. This seems like a lot, but with the speed of computers today, it takes less than a second to try them all. There are some algorithms that try more commonly used characters first. Naturally, the program stops when a match is found and moves on to the next account.
By the time the password gets up to 10 characters, there are 3,743,906,242,624,490,000 combinations. If this were the combination to Fort Knox, I might be willing to take the time (It takes about a month) to crack it. If I am just looking for a bank or credit card account, I’m moving onto lower hanging fruit.
My passwords are normally close to 20 characters. A brute force attack would take 42 quintillion years to break them. I’m not sure how many zeros there are in a quintillion, but it’s a lot of them.
The reason organizations require periodic password changes is that they expect the accounts to be hacked. If you have changed your password since the hack, you are safe.
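An added example, not part of the thread: the one-way store-and-compare check described in the comment above, with the 72-character keyspace turned into exhaust-time estimates for a defender sizing a password policy. PBKDF2-HMAC-SHA256, the iteration count and the lockout policy (5 attempts per 15 minutes) are assumptions, not figures from the comments.

```python
import hashlib
import hmac
import os
import time

ALPHABET_SIZE = 72                 # figure quoted in the comment above
ITERATIONS = 200_000               # assumed work factor for the slow hash
LOCKOUT_RATE = 5 / (15 * 60)       # assumed policy: 5 login attempts per 15 minutes
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def store(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest): what a server keeps instead of the password."""
    salt = os.urandom(16)          # per-user salt, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Run the same one-way function on the candidate; compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)

def keyspace(length: int, alphabet: int = ALPHABET_SIZE) -> int:
    """Number of distinct passwords of exactly this length."""
    return alphabet ** length

def years_to_exhaust(length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of this length at the given rate."""
    return keyspace(length) / guesses_per_second / SECONDS_PER_YEAR

def measured_guess_rate(samples: int = 3) -> float:
    """Guesses per second one core of this machine manages against the slow hash."""
    salt, digest = store("constructed-sample-password")
    start = time.perf_counter()
    for i in range(samples):
        verify(f"guess-{i}", salt, digest)
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    offline = measured_guess_rate()
    print(f"slow-hash rate on this core: {offline:.1f} guesses/s")
    for n in (6, 10, 20):
        print(f"{n:>2} chars: {keyspace(n):.3e} combinations, "
              f"{years_to_exhaust(n, offline):.3e} years offline, "
              f"{years_to_exhaust(n, LOCKOUT_RATE):.3e} years behind lockout")
```

Raising `ITERATIONS` lowers the measured offline rate in direct proportion, which is the knob a defender controls after a database leak; the lockout column only applies to guesses made through the login form.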
ZBicyclist Premium Member 33 minutes ago
Don’t use your mother’s maiden name as your password. Your mother won’t want to change her name every 3 months.
mistercatworks 31 minutes ago
Yeah, apply for “password manager” positions. :) :) :)