Why Using 2 or 3 Simple Words May Be the Best Password Protection of All

What makes a great password may not be its complexity but how many words you want to string in a row.

Passwords get hacked in five basic ways, writes Thomas Baekdal in a blog post on the topic:

  • The hacker asks for the password through a scam of some sort.
  • The hacker guesses. People like to use simple things they remember, like their birthday. That makes it easier to hack.
  • The hacker does a brute force attack. A hacker simply attempts to sign in using different passwords, one at a time.
  • The hacker attempts to sign in using a list of common words.
  • The hacker uses the dictionary approach by using the full dictionary of words to try and access the network.

IT security professionals encourage people to use complex passwords. Those are difficult to break. The problem is people write those passwords down on pieces of paper. That’s not very secure.

But what you really need are passwords that you can memorize but are also difficult enough that it’s not worth the time for the hacker to try to crack them.

A password made of more than one common word would take a hacker months to guess. With three common words, it is nearly impossible to crack.

Baekdal:

It would take:

  • 1,163,859 years using a brute-force method
  • 2,537 years using a common word attack
  • 39,637,240 years using a dictionary attack

It is ten times more secure to use “this is fun” as your password, than “J4fS

Now what can the provider do to make the network more secure?

1. Add a time delay between sign-in attempts. Instead of allowing people to sign in again and again and again, add a 5-second delay between each attempt.

It is short enough not to be noticeable (it takes longer than 5 seconds to realize that you have tried a wrong password and to type in a new one). And it forces the hacker to make only 1 sign-in request every 5 seconds (instead of 100 per second).

2. Add a penalty period of something like 1 hour if a person has typed a wrong password more than, say, 10 times. Again, this seriously disrupts the hacking script from working effectively.

By adding the time delay, the provider now protects the user and rewards the one who uses the method for stringing together multiple words.

Passwords are notoriously easy to crack. But making them stronger does not have to mean remembering strings of random letters and numbers. As Baekdal points out, a hacker can hack the password “alpine fun” in only 2 months if he is able to attack your server 100 times per second. But, with the penalty period and the 5-second delay, the same password can suddenly sustain an attack for 1,889 years.
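The two provider-side controls described above, sketched as an added example (not code from the article or from Baekdal's post). The class and function names, the `verify` callback, and the account name are assumptions; the 5-second delay, 10-failure threshold and 1-hour penalty are the figures given on the page.

```python
from dataclasses import dataclass

DELAY_S = 5        # page: 5 second delay between attempts
MAX_FAILURES = 10  # page: "more than, say, 10" wrong passwords
PENALTY_S = 3600   # page: penalty period of about 1 hour


@dataclass
class AccountState:
    failures: int = 0
    next_allowed: float = 0.0  # earliest time the next guess is evaluated


class LoginThrottle:
    """Per-account throttle; `verify` is a hypothetical password check."""

    def __init__(self, verify):
        self.verify = verify
        self.accounts = {}
        self.evaluated = 0  # guesses that actually reached verify()

    def attempt(self, user, password, now):
        state = self.accounts.setdefault(user, AccountState())
        if now < state.next_allowed:
            # Reject without checking the password, so a throttled
            # request tells the caller nothing about the guess.
            return "throttled"
        self.evaluated += 1
        if self.verify(user, password):
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures > MAX_FAILURES:
            state.failures = 0
            state.next_allowed = now + PENALTY_S
        else:
            state.next_allowed = now + DELAY_S
        return "wrong"


def guesses_evaluated(rate_per_s, duration_s):
    """Replay a constant-rate guessing script against one account on a
    simulated clock and count how many guesses the server checked."""
    throttle = LoginThrottle(lambda user, pw: pw == "alpine fun")
    for i in range(rate_per_s * duration_s):
        throttle.attempt("alice", f"guess-{i}", now=i / rate_per_s)
    return throttle.evaluated
```

A script sending 100 requests per second for two simulated hours (720,000 requests) gets only 22 guesses evaluated under this policy. Because the state is keyed by account, the legitimate user is also held off during the penalty period.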
