Skip to content
Orange County, CA – I just read a summary of research on secure passwords vs. weak ones that get hacked. If you are looking to create your own secret password or if you are a network administrator looking to enforce secure password policy then read on. These results are from a study on 10 million passwords that have been breached in recent years.
In summary, if you want a weak password, then use:
- Words
- Names
- Verbs
- Colors
- Animals
- Fruits
- “Love” phrases
- Superheroes
- And days of the week
- Leet speak, the act of using informal language or code in which standard letters are often replaced by numerals or special characters such as “n00b” or “gue55able”
- Most importantly, don’t use patterns on your keyboard or phone dialer pad. Those are at the very top of the list of quickly decoded passwords.
Easily broken passwords that fit the above criteria were broken by password crackers in anywhere from 10 to 32 seconds, these are passwords like “s3ash311” (seashell) broken in 15.6 seconds, “Indiana” in 9.8 seconds and “123456” in 0 seconds. Password crackers can test up to 300,000 passwords per second. Conversely a password like “cba75c2d4 took four days and “ns8vfpobzmx098f4coj” would take centuries.
Image care of WordPress
The strongest passwords avoid predictable patterns and any of the traits in the bullet list above. The current average password length is eight characters. To create a strong password you need to go longer. Here are my basic suggestions after reading the results of the password study.
Your password should be:
- At least 10 characters long
- Avoid patterns. Patterns would be any of the characteristics cited above
- Don’t just add a number or two to the end of a predictable word or pattern, those are busted easily, too
- Mix upper and lower case
- Mix in numbers
- Use special characters, for example &, #, $, ), @
When you follow these recommendations you will be in the top 1% of the most secure passwords. I can tell you after reading this study I am already making a change to how I select passwords.
If you wish to read more on this study and the issues around passwords than click here for Unmasked: What 10 million passwords reveal about the people who choose them. It is a fascinating report.
You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.
Smoke testing is a type of software testing performed by Alvaka after a software patching sequence to ensure that the system is working correctly and to identify any misconfigurations or conflicts within the patched system.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.
You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.
Smoke testing is a term used to describe the testing process for servers after patches are applied.