
Why Your Password Sucks

And how to fix it.

Rank These Passwords by “secureness”

• Missouri
• Fr33 b33r
• F(3)*4%1q1Ff!
• hotwings are awesome

Ranked by security…

• hotwings are awesome
• F(3)*4%1q1Ff!
• Fr33 b33r
• Missouri

We told you a great password is…

• 8 characters long.
• Has a few symbols.
• Has uppercase letters.
• Has lowercase letters.
• Has a number in it.

We told you a great password isn't…

• A word in the dictionary.
• Your dog's name.
• Your kids' names.
• Your favorite sports team.
• Anything easy to remember.

We told you these rocked…


We were wrong!!!! (Seriously)

The truth is they suck…

• 2K1ds@hm – Can be cracked in 1.12 minutes
• <3Truman – Can be cracked in 1.22


All times taken from

Why did we lie to you?

• 5 years ago brute forcing passwords was nearly impossible.

• If your password wasn’t in the dictionary you were pretty safe.

Then along came Amazon

• For $1.60 an hour I can have the power of eight 3.0 GHz servers at my disposal.
  – Can process a billion password attempts a second.

At that speed…

• An 8-character password can be brute forced in under 90 seconds.

How do we fix it?






Rules for a good passphrase

• At least 15 characters long.
  – The longer the better.
• “That’s what she said?”
• Use whatever words you want.
• Make it easy to remember.

My last passphrase was…

• Landon loves to swing

That passphrase is…

• 21 characters long
• It would take 1.06 hundred thousand trillion centuries to brute force using an Amazon cluster.
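
An added example, not part of the original slides: a rough exhaustive-search estimator run over the four passwords from the ranking slide and the passphrase above, at the billion-guesses-per-second rate quoted earlier. The character-class alphabet model and all function names are assumptions of this example, so its absolute times are illustrative and it says nothing about word-list guessing.

```python
import string

GUESSES_PER_SECOND = 1_000_000_000  # rate quoted on the slides for the rented cluster

# Assumed model: the attacker tries every string over the character classes
# that appear in the password (exhaustive search only, no dictionary or
# word-list guessing, which would need a different model for passphrases).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet that covers the password."""
    if any(not any(ch in c for c in CLASSES) for ch in password):
        raise ValueError("non-ASCII character: outside this simple model")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password: str) -> int:
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole search space at the given guess rate."""
    return search_space(password) / rate


def rank(passwords):
    """Strongest first, by exhaustive-search cost."""
    return sorted(passwords, key=search_space, reverse=True)


# The four passwords from the ranking slide.
SLIDE_PASSWORDS = ["Missouri", "Fr33 b33r", "F(3)*4%1q1Ff!", "hotwings are awesome"]

if __name__ == "__main__":
    for pw in rank(SLIDE_PASSWORDS + ["Landon loves to swing"]):
        years = worst_case_seconds(pw) / 31_557_600
        print(f"{pw!r:26} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"worst case ~ {years:.3g} years")
```

Under this model the all-lowercase 20-character phrase outranks the 13-character symbol-heavy password because length is the exponent and the alphabet is only the base.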

In five years…

• Computers will be faster and passphrases will be as crappy as passwords.
• Sorry

2FA is next!

• Two Factor Authentication is something you know, and something you have.

Free 2FA

• Facebook
• Google
• Most Banks

Thank you for your time…

Go change your passphrases!
