
Is my Password Strong Enough?

Username: admin
Password: admin

You know that’s really not bright, but why? First, I’ll answer the question –

Why do I need a strong password? 

It may not be obvious, but a strong password will help prevent a successful brute force attack on your account (whether this is your FTP account or your WordPress website).

“(A brute force attack) consists of systematically checking all possible keys or passwords until the correct one is found.” (wiki) You’ve seen it in movies, a computer screen cycling through characters one by one until each one is a hit and ‘locks’. This is the basic concept behind

Give it a go at this Brute Force Space Analysis calculator. Enter admin as a password. This is an accelerated test, with the smallest scenario showing how fast a password could be cracked at 1,000 attempts per second (3.43 hours). Now try a password like adm1n:) and the estimate for a successful crack becomes centuries.

You should be aware that this calculator doesn’t tell the complete story. Many brute force attacks are ‘password dictionary’ attacks, meaning a dictionary of common passwords is tried. Admin, 123456, Password are some of the more common (obvious) dictionary passwords.

How do I create a strong password?

The strongest password should be as long as possible (if you’re allowed to use 24 characters, use them), with a minimum of 8 characters. Your password should include numbers and be MiXeDCase (using upper and lower case letters). Most importantly, special characters should be interspersed among numbers and letters.

1Password! is an example of a password that includes all of those recommendations, but is definitely not a strong password, because it’s obviously a commonly recognizable word that begins with a number and ends in a (meaningful) special character. You should avoid common words, and I’d even suggest avoiding the use of the number 1 and the exclamation point.
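The search-space arithmetic behind the calculator's estimates, together with the dictionary caveat that makes 1Password! weak, as an added Python example (not code from this post or from the calculator). The 95-character alphabet and the three-entry COMMON list are assumptions constructed for illustration.

```python
import string

# Assumption: 26 lower + 26 upper + 10 digits + 33 symbols (ASCII punctuation
# plus space). With only the 26 lowercase letters in play, "admin" comes out
# at the 3.43 hours quoted above.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

# Constructed sample; a real check would use a large list of known passwords.
COMMON = {"admin", "123456", "password"}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Count all candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def is_dictionary_variant(password):
    """True if the password, or what is left after stripping leading and
    trailing digits and symbols, is a common word. Substitutions inside
    the word (such as 1 for i) are not checked here."""
    core = password.strip(string.digits + string.punctuation + " ").lower()
    return password.lower() in COMMON or core in COMMON


def report(password, guesses_per_second=1000):
    """Exhaustive-search time at the given rate, plus the dictionary flag."""
    secs = search_space(password) / guesses_per_second
    return {"password": password,
            "hours": secs / 3600,
            "centuries": secs / (3600 * 24 * 365.25 * 100),
            "dictionary_variant": is_dictionary_variant(password)}


if __name__ == "__main__":
    for pw in ("admin", "adm1n:)", "1Password!"):
        print(report(pw))
```

The exhaustive-search figure for 1Password! is enormous, yet the dictionary flag is set, which is why length and character mix alone do not settle whether a password is strong.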

To create a completely random password, you can use a site like random.org. If you’re super careful bordering on paranoid, you can use two or more password generator sites and combine parts of the generated password from each. I can’t guarantee this method will create an easy-to-remember password, though. For ideas on creating a strong password you can remember, check out How to Create a Strong Password You Can Remember.

*Funny note: While writing this blog entry we got an automated notice from our TrekVisual security program to notify us that one of our sites was undergoing a brute force attack. Username they tried? admin