Thirty-six seconds. That’s how long it took to crack my password a few years ago.
Years back, the IT guys at a company where I worked called me to ask if they could use my account passwords to run a test. They wanted to try to hack an account on the system, to test their security and network monitoring. I agreed, thinking that the oddly spelled word I had chosen would hold up.
They called back. We were all a bit stunned by how fast the program had found my password. They had used a dictionary-based attack, using a tool that is available to anybody with an internet connection and a little technical knowledge. Wow. The program had cracked my password so fast, they didn’t have time to test the rest of the network security settings.
I’ve upgraded my passwording habits, but the quality of the tools has improved in the intervening years. Now the security world is holding its breath about Conficker, a nasty little worm that is set to rear its head tomorrow. (Details at PC Mag.) Among other things, it tries to guess passwords.
So maybe today’s a good day for a quick review: have you changed your passwords lately? Are they strong passwords? If not, make some time to fix the problem before it gets worse.