Archived article from the year 2000
"Your data has a social life too"



Think your passwords are safe? There are scores of password cracking programmes available on hacking sites, many of them made in Russia.

I've seen a tiny password cracker break Word and Excel access passwords in a fraction of a second.

At least give them a bit of work to do. Choose good passwords.

Good and bad passwords

Passwords are the weak point of security. Ask any hacker.

Special programs exist to crack passwords. They're very good. The passwords that most people use can be cracked in a few minutes. A recent figure I saw was 80% within 18 minutes.

If you want a high security password, here are the rules:

  1. Don't use any word that can be found in a regular dictionary.
  2. Don't use any name that can be found in a dictionary of names.
  3. If you're allowed to, include at least one special character (like %?!@#).
  4. Include at least one numeral.
  5. Include at least one capital letter, preferably not the first letter.
  6. Don't use any numerals that relate to your birthday or other personal information.
  7. For ultimate security, use the maximum number of characters allowed.
  8. Change your password regularly - at least once a month.

This is a hell of a palaver and not surprisingly most people can't be bothered with it. But you can come to a decent compromise. Here's an example of a medium security password.


This can easily be remembered as "To attAck".

Or even better (because it's a bit longer):

G8sIsA*


This can be remembered as "Gates Is A Star" (nice password, not sure about the sentiment).

A password cracking program working at 500 passwords a second would take on average 600 years to break this seven character password.

And by comparison...

Regular words and names are the first items a cracking program checks. It simply sticks in every word and name from its 60,000 word dictionary to see if one of them fits. If your password is one of the 60,000, no matter whether it's long or short, it will be cracked within a matter of minutes.

Let's take the bad example of the password "michael", which is seven characters long (just like our previous example of G8sIsA*). Only now it doesn't take 600 years to crack. It takes - hold your breath - less than two minutes.

Clearly a good password offers an entirely different level of security to a bad one.
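The rules and timing figures above can be turned into a small password audit; this is an added example, not part of the original article. It checks rules 1 to 6 and estimates average search time at the article's 500 guesses a second. The five-word dictionary is a constructed stand-in for the 60,000-word list, and the 79-symbol alphabet is an assumption, since the article does not say which alphabet its 600-year figure uses.

```python
import string

GUESSES_PER_SECOND = 500               # cracking rate quoted in the article
DICTIONARY_SIZE = 60_000               # word and name list size quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption: the article does not state its alphabet; 79 symbols is chosen
# because it roughly reproduces the 600-year figure for seven characters.
ALPHABET_SIZE = 79
# Constructed stand-in for the cracker's 60,000-entry dictionary.
SAMPLE_DICTIONARY = {"michael", "password", "attack", "gates", "star"}


def rule_violations(password, personal_numbers=()):
    """Return the article's rules (1 to 6) that the password breaks.
    Rules 7 and 8 (maximum length, monthly change) depend on the system
    and on time, so they cannot be checked from the string alone."""
    broken = []
    if password.lower() in SAMPLE_DICTIONARY:
        broken.append("1/2: dictionary word or name")
    if not any(c in string.punctuation for c in password):
        broken.append("3: no special character")
    if not any(c.isdigit() for c in password):
        broken.append("4: no numeral")
    if not any(c.isupper() for c in password):
        broken.append("5: no capital letter")
    if any(n in password for n in personal_numbers):
        broken.append("6: contains a personal number")
    return broken


def average_crack_seconds(password):
    """Average search time: dictionary pass first, then exhaustive search.
    Simplification: the exhaustive search covers only the password's length."""
    if password.lower() in SAMPLE_DICTIONARY:
        return (DICTIONARY_SIZE / 2) / GUESSES_PER_SECOND
    dictionary_pass = DICTIONARY_SIZE / GUESSES_PER_SECOND
    keyspace = ALPHABET_SIZE ** len(password)
    return dictionary_pass + (keyspace / 2) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for candidate in ("michael", "G8sIsA*"):
        seconds = average_crack_seconds(candidate)
        print(candidate, rule_violations(candidate) or "passes rules 1-6",
              f"{seconds:,.0f} s = {seconds / SECONDS_PER_YEAR:,.1f} years")
```

With a full 95-character printable ASCII alphabet the seven-character estimate rises to roughly 2,200 years, so the result is sensitive to the alphabet assumption.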



copyright Foxglove Media Ltd 2002. See disclaimer and republishing guidelines.