
Annoyed by password security?
June 29, 2018

by Feryal Badili

Are you annoyed by the security policies that your IT department has implemented? Does your password expire every few months? Do they force you to choose a password that has letters and numbers and some special characters? Do they stop you from choosing your old password again? Are they forcing you to choose a long password?

If you answered yes to these questions, then you are in good hands.

The truth is that these rules are applied to protect you and your data. You might not know this, but hackers don’t really need to sit down and guess and type in your passwords. There is software that can try different combinations of all characters to find the matching password for an account. Some of these hacking tools use a dictionary as the input and try every single word in the dictionary as the password.

They are even smart enough to know that some people substitute some letters with digits (for example 3 instead of e in a word) or special characters (for example @ instead of a), so for a single word in the dictionary they try several different combinations of characters that could be used as a password. Considering that computers are really fast and do not get tired, it seems that the bad guys have the upper hand. (By the way, this method of attack is called a “brute force attack”.)

If you use a long password that is a combination of letters, numbers and special characters, you don’t need to worry about brute force attacks. The following table shows the effectiveness of strong passwords against brute force attacks.

| If your password is made of | The amount of time that it takes to crack the password |
| --- | --- |
| 7 letters of alphabet only | 0.2 milliseconds |
| 7 characters (alphabet and numbers) | 20 minutes |
| 7 characters (alphabet, numbers and special characters) | 6 hours |
| 8 characters (alphabet, numbers and special characters) | 24 days |
| 9 characters (alphabet, numbers and special characters) | 6 years |
| 10 characters (alphabet, numbers and special characters) | 609 years |

As you can see, the length of the password, along with the combination of different types of characters, increases the amount of time that a computer needs to crack your password, which ultimately protects you from brute force attacks. That’s why IT applies those annoying rules to your passwords.
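The sketch below is an added example, not part of the original article. It shows how a password check on the defender's side can undo the look-alike substitutions described above (3 for e, @ for a) before consulting a dictionary, and how the search space grows with length and character types. The wordlist, the extra substitutions and the 10-character minimum are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real check would load a large dictionary file.
WORDLIST = {"password", "welcome", "dragon", "secret", "monkey"}

# Look-alike substitutions: the two the article names (3 -> e, @ -> a)
# plus a few other common ones (assumed for this example).
LEET = str.maketrans({"3": "e", "@": "a", "4": "a", "0": "o", "1": "l",
                      "$": "s", "5": "s", "7": "t", "!": "i"})

def normalize(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LEET)

def dictionary_hit(password):
    """Return the dictionary word the password reduces to, or None."""
    # Try the whole password, then the password with trailing digits and
    # symbols removed (people often append "1" or "!" to a word).
    trimmed = password.rstrip(string.digits + string.punctuation)
    for candidate in (normalize(password), normalize(trimmed)):
        if candidate in WORDLIST:
            return candidate
    return None

def keyspace(password):
    """Number of passwords of this length over the character types used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII special characters
    return size ** len(password)

def check(password, min_length=10):
    """Return a list of reasons to reject the password (empty if none)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    word = dictionary_hit(password)
    if word:
        problems.append(f"dictionary word: {word}")
    return problems

if __name__ == "__main__":
    for pw in ("abcdefg", "P@ssw0rd", "s3cr3t!", "tV9#kQz!m2"):
        print(pw, keyspace(pw), check(pw))
```

A password such as "P@ssw0rd" uses all four character types, yet it is still rejected because it reduces to a single dictionary word.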


Feryal Badili is Director of Research & Development & Technical Architect at MediSolution. She has worked for some of Canada's leading IT companies. For more information about Feryal Badili you can check out her LinkedIn profile.