How strong is your password? | Analyzing common passwords

Recently a range of students from across the UK were asked for an example of a strong password they could use on a website. This password would have to thwart brute-force and similar attacks while remaining memorable. Below we can see a handful of their submissions:

At first glance these passwords range in complexity, going from the simple ‘password’ to the excessive ‘Measuredoutislifeincoffeespoons’. Using the password strength checker ‘HowSecureIsMyPassword’ we can look at the amount of time a few of these would take to brute force (see the above website for how these timings are generated):

| Password | Password Length | Time To Crack |
|---|---|---|
| redarrows | 9 | 22 minutes |
| Bu7kil | 6 | 14 seconds |
| Hello.11 | 8 | 5 days |
| C3star | 6 | 14 seconds |

When creating strong passwords we are looking for a few things. These include: a password above 8 characters in length (example: ********), a password with no obvious pattern (example: rtjsscrsz), a password with a range of characters and symbols (example: H3ll0wOrl)d*) and finally a password with no dictionary words (example: qssswa).

There are also several tips that can be used when creating passwords. The most prominent of these is to take a long and memorable phrase, for example: “I usually take my dog out for a walk on Wednesday mornings”. Once we have this statement we can take the first letter of each word, giving: “iutmdofawowm”. This is a great password as it lacks any dictionary words, however it could still be better. We can now add a few numbers, characters and upper case letters to round it off. We’re now left with “iUTmd0f4wowm*)”.
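The checks and the phrase trick described above, written out as an added example (it is not part of the original post and is not how HowSecureIsMyPassword computes its timings). The word list, the substitution table and the "at least three character classes" threshold are assumptions made for illustration, and the "no obvious pattern" check is left out.

```python
import math
import string

# Constructed mini word list (assumption); a real check would use a large
# dictionary or a breached-password corpus.
WORDS = {"password", "hello", "red", "arrows", "star", "world", "dog", "walk"}
# Undo common substitutions (0 -> o, 3 -> e, ...) before the dictionary check.
LEET = str.maketrans("013457@$", "oieastas")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def acronym(phrase):
    """First letter of each word, lower-cased, as in the passphrase tip."""
    return "".join(word[0].lower() for word in phrase.split())


def used_classes(pw):
    """Character classes (lower, upper, digit, symbol) present in pw."""
    return [cls for cls in CLASSES if any(c in cls for c in pw)]


def search_space_bits(pw):
    """log2 of the brute-force search space: length * log2(alphabet size)."""
    alphabet = sum(len(cls) for cls in used_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def dictionary_hits(pw):
    """Words from WORDS found in pw after lower-casing and de-substitution."""
    normalised = pw.lower().translate(LEET)
    return sorted(w for w in WORDS if w in normalised)


def failures(pw):
    """Names of the article's criteria that pw does not meet."""
    failed = []
    if len(pw) <= 8:                      # "above 8 characters in length"
        failed.append("length")
    if len(used_classes(pw)) < 3:         # assumed threshold for "a range"
        failed.append("character range")
    if dictionary_hits(pw):
        failed.append("dictionary word")
    return failed


if __name__ == "__main__":
    for pw in ["redarrows", "Bu7kil", "Hello.11", "C3star", "iUTmd0f4wowm*)"]:
        print(f"{pw:16} {search_space_bits(pw):5.1f} bits  {failures(pw)}")
```

The bit count only measures the exhaustive search space; a password that fails the dictionary check can fall to a word-list attack far sooner than that figure suggests.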

It’s passwords like this that should become the norm for users, to make sure that we’re improving our security in any and every way we can.


James Stevenson

I'm a Cyber Security enthusiast that loves all things to do with technology. I'm specifically interested in cyber security and ethical hacking.
