  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 429

How secure is a password containing a 7-digit number repeated twice with a letter between?

How secure is a password containing a 7-digit number repeated twice with a letter between? Example: 6095283r6095283.
0
Asked by: brokenlove
8 Solutions
 
FriarTuk commented:
If it finds the hash for either side (i.e. the #'s), then the other side will be instant & 1 letter is easy.

A good pswd should be 8 digits or more.
It has a combo of letters (upper & lower), numbers, & special characters (without any known words in a dictionary, nor names or personally related #'s like phone, addr, etc.)

ex:  iculo0kn@mE2
0
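The point in the comment above, that the second copy of the digits adds nothing once the first is known, can be put in numbers. This is an added example, not part of the original thread: the function names are hypothetical, the character-pool sizes (26/26/10/33) are conventional assumptions, and it assumes the guesser already suspects the block + separator + block pattern.

```python
import math
import string

def pool_size(pw):
    """Smallest conventional character pool that covers pw (assumed sizes)."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += 33  # printable ASCII symbols plus space
    return size

def naive_bits(pw):
    """Bits of search space if every character were an independent choice."""
    return len(pw) * math.log2(pool_size(pw)) if pw else 0.0

def find_repeat(pw):
    """Return (block, separator) when pw == block + separator + block."""
    n = len(pw)
    for blen in range(n // 2, 1, -1):  # longest block first, minimum 2 chars
        block = pw[:blen]
        if pw.endswith(block):
            return block, pw[blen:n - blen]
    return None

def structured_bits(pw):
    """Bits once the repeat is known: the second copy of the block is free."""
    hit = find_repeat(pw)
    if hit is None:
        return naive_bits(pw)
    block, sep = hit
    return naive_bits(block) + naive_bits(sep)

if __name__ == "__main__":
    for pw in ("6095283r6095283", "iculo0kn@mE2"):  # both taken from the thread
        print(f"{pw}: naive {naive_bits(pw):.1f} bits, "
              f"pattern-aware {structured_bits(pw):.1f} bits")
```

For the password in the question this gives about 77.5 bits under the naive per-character model but only about 28 bits once the repeat is taken into account; the non-repeating example keeps its full naive estimate.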
 
lrmoore commented:
According to "experts" there is no correlation between complexity and difficulty to break. The *only* relative criteria is password length.
Example:
"My mother was born in March"  <== yes spaces can be used in a passphrase
With 27 characters, it is much more difficult to break than any 15-digit password regardless of complexity or combinations of digits, numbers, letters, capitals, or other.
Myg00DPa$$w0rD at 14 characters with combinations of lower case, upper case, numbers and other ($$) is more likely to be cracked than a 16 letter passphrase that is easy to remember.
 
0
 
public commented:
>According to "experts" there is no correlation between complexity and difficulty to break.

Maybe if an algorithmic method is used. On the other hand the passphrase may be broken quickly using social engineering methods if you have used a similar strategy before.
0
 
Ryan_R commented:
If you use an 8 character password that's not a dictionary word (has letters and numbers and characters) it will take approx 59 years for a PC to figure it out (year 11 exam knowledge here).

I doubt that the password is secure now that we've all seen it     ;-)

Also make sure that you can remember it.
0
 
fm250 commented:
It also depends on your OS, so if you have a Linux box, only the first 8 chars are used in the password; the rest are ignored.
- The best practice however is to have a mix of letters and numbers and special characters and easy for the user to remember, for example: Fr33b1rd = free bird.
- Make sure that you train your users not to send their passwords through emails or post them on their screens.
- Always monitor security logs and services.
- Don't allow weak passwords; remember that hackers start from nothing, then use any user account, then get to admin or root user.

- Always update your software and services, since most hackers don't actually run password crackers for years, but instead use flaws and bugs to get to the admin account easily.


hope this helps!
0
 
Erik Bjers (Principal Systems Administrator) commented:
It's been said, but I'm going to say it again... a password with a repeated 7 digits with a letter between is not secure.

I also agree that a combo of at least 3 of the character types (CAPITAL, lowercase, numbers 1234..., special chars !@#$%^&...) is important.  Also avoid dictionary words or phrases as these are easier to crack.  Replace letters with other characters like: a=@ or &, e= 3, c=(, i = ! or 1 and so on.  This makes passwords easier to remember but harder to crack.  Also come up with your own letter - char combos, and don't replace every letter with a char (if you have 2 a only replace one of them).

All this will give you a secure password.

ex: P&$$uu0rD is a strong password (I wouldn't use it... but gives you some ideas on char replacement)

eb
0
 
carl_legere commented:
a rainbow will have the 7 numbers hashed, indeed which will make finding the hash of the whole thing (15 characters) a breeze.  What is cool though is all the wasted time trying 9 digits, then 10 then 11, 12,13,14...
on my cracker (dual P4 2.8) that would add about 2 days.
0
 
scrathcyboy commented:
If you added 2 more letters and two capital letters into that mainly number string, your password would count as MAXIMUM encryption security on the Microsoft scale of login password security.  As it is now, with only one letter in lower case, it only qualifies for "low" strength encryption.  Two more lower case makes it "medium", and add 2-3 upper case letters, and it now makes "maximum" strength encryption.
0
 
scrathcyboy commented:
OH and BTW, sorry to disagree with you all above, but MS has debugged the most secure passwords, and they include a serious number of upper and lower case letters in addition to numbers, so all the comments above, from password length is the "only" consideration to "it doesn't matter", sorry to say you are all wrong, even lrmoore -- according to Microsoft.  And after all, MS is right, so how can we mere contributors question what Microsoft has delivered to us?
0
 
Erik Bjers (Principal Systems Administrator) commented:
I would only use the string of numbers once, or at least reverse the second string.
0
 
Erik Bjers (Principal Systems Administrator) commented:
Agree with scrathcyboy, length is not the only important factor; use of complexity is very important.

eb
0
 
stalkerz commented:
Having a password that is long and complex is the best option. A brute force password cracker will always start testing passwords with say: AAAAA then AAAAB, AAAAC and so forth till it runs through the alphabet, numbers etc.
So say it takes 5 hours to get to APPPP when brute forcing, then it would take much longer to get to AZZZZ, right?
From this I would say a good rule of thumb is, when using letters, to try to use ones that are near the end of the alphabet; this will increase the time it takes to brute force your password.
0
 
carl_legere commented:
Interesting that the definitive source of authority on passwords, according to Scrathcyboy is.. ah hem Microsoft?
0
 
NAORC commented:
http://www.securitystats.com/tools/password.php

use this tool to check the strengths of your password.
0
 
fm250 commented:
Don't use the above link provided by NAORC for a real password though. You may be at risk if somebody is capturing the packets. Use it for testing and read the rest of the page, the DO’S and DONT’S. It gives you the guidelines.
0
 
scrathcyboy commented:
you are appreciating my dry sense of humour, Carl :)
0
 
Ryan_R commented:
on behalf of everyone who is sleeping on the other side of the world right now (or at least should be sleeping) thanks for the points
0
