NSA-Proofing Your Passwords

Email Print

Silent Circle has a password test – you don’t need to sign up to test a password in the upper right. Note that longer passphrases, even if they are only lower case characters, are tougher to crack than shorter passwords with all sorts of numbers and non-characters.


8 Character Randomized Password: T0u%p@s5
Time to crack: 14 minutes

17 Character Passphrase: rockwell is right
Time to crack: 4 Days

26 Character Passphrase: The Country Is Not The Government!
Time to crack: centuries

Even with a passphrase take the extra security step and modify it with an algorithm you derive for every site. That way if a site is storing or transmitting passwords in cleartext (both big no-no’s but it happens), your password will not be known for all sites.

Example – apple.com starts with “a” the 1st letter in the alphabet, so my passphrase might become
1The Country Is Not The Government! <- note that I pre-pended number 1 at the start of the passphrase. I’d recommend adding at least 2 characters via your algorithm.

Bottom Line: Make your passwords longer by using a passphrase rather than a shorter but “harder” password. Most sites will allow you to enter very long passphrases, think of the minor investment in time versus the risk of identity theft, account takeover, and the extra time and resources for the government to snoop on you.

10:31 am on July 31, 2013
  • LRC Blog

  • Podcasts