Orange County, CA – I just read a summary of research on secure passwords vs. weak ones that get hacked. If you are looking to create your own secret password or if you are a network administrator looking to enforce secure password policy then read on. These results are from a study on 10 million passwords that have been breached in recent years.
In summary, if you want a weak password, then use:
- Words
- Names
- Verbs
- Colors
- Animals
- Fruits
- “Love” phrases
- Superheroes
- And days of the week
- Leet speak, the act of using informal language or code in which standard letters are often replaced by numerals or special characters such as “n00b” or “gue55able”
- Most importantly, don’t use patterns on your keyboard or phone dialer pad. Those are at the very top of the list of quickly decoded passwords.
Easily broken passwords that fit the above criteria were broken by password crackers in anywhere from 10 to 32 seconds, these are passwords like “s3ash311” (seashell) broken in 15.6 seconds, “Indiana” in 9.8 seconds and “123456” in 0 seconds. Password crackers can test up to 300,000 passwords per second. Conversely a password like “cba75c2d4 took four days and “ns8vfpobzmx098f4coj” would take centuries.
Image care of WordPress
The strongest passwords avoid predictable patterns and any of the traits in the bullet list above. The current average password length is eight characters. To create a strong password you need to go longer. Here are my basic suggestions after reading the results of the password study.
Your password should be:
- At least 10 characters long
- Avoid patterns. Patterns would be any of the characteristics cited above
- Don’t just add a number or two to the end of a predictable word or pattern, those are busted easily, too
- Mix upper and lower case
- Mix in numbers
- Use special characters, for example &, #, $, ), @
When you follow these recommendations you will be in the top 1% of the most secure passwords. I can tell you after reading this study I am already making a change to how I select passwords.
If you wish to read more on this study and the issues around passwords than click here for Unmasked: What 10 million passwords reveal about the people who choose them. It is a fascinating report.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.