This is for my work computer account. It doesn’t have two factor authentication at my desktop, but has a three fails and you’re locked out. Have to call IT. Plus have to change it on a regular basis. Those are alternative methods to protect access in addition to the password.
Oh, I bet even less than that.
400 decillion (4 x 1035) years for the passwords I generate using my standardized method, for sites which do not have limits on the number of characters for the password. Of course, I never memorize those passwords, and just consign them to my password manager.
10 trillion years for the master password which locks the password manager, this one I actually committed to memory as well as muscle memory.
Of course, no need to use a supercomputer to crack them, all of these passwords can be easily defeated with rubber-hose / iron chair / [insert torture instrument of choice] cryptography.
D’oh! So much for it being a great mnemonic device.
Though 4 words can go in, what, 16 possible combos? I’ve done worse trying to remember passwords. I’m not sure how long 15 wrong tries on an Apple device would lock you out for- a year maybe?
Accounts I care about use a format that looks like (on average) 93 trillion years to crack.
Accounts I don’t care about use the same password which would take about 3 days to crack. If an Estonian hacker ring wants to break into some video game forum I last used in 2013 and post as me, that’s just the chance I take.
Also, for those worried that this site could be harvesting passwords, I just used a “close enough” variant with the same character length and format.
This.
Also, there’s no way i would remember a bunch of passwords like “correct horse battery staple”. My aim is to not be the lowest hanging fruit.
For one of mine, 100 trillion years. For another, three months.
Anybody that lucky doesn’t need to hack your password. They’d be too rich to even try.
More realistically, that security.org site seems to date to 2020. Unless they’re updated their procedure since as computers grow faster their dates are wildly off. The only useful information they provide for the ordinary user is that longer is better.
Time changes everything.
In 2002 the recommended key length for RSA was 1024 bits. This was updated to 2048 bits in 2015. That’s now considered way too weak. Lots of experts I respect suggest dropping RSA entirely.
Youi should assume your password is secure for at most decades.
Like I’m gonna be able to tell them what it is?
If we’re all still shopping on Amazon in 2055, I’m gonna be mad.
Sears lasted 113 years as an independent company then limped along a further 13 years as KMart’s plaything before declaring BK, and then limping even more weakly for another 5 years to today, but is/are still barely in existence today. The roach has been stomped a time or three but is still squirming.
They defined American retailing for a long time.
Amazon is 29 years old now. The world moves faster now. Maybe. In many ways de facto monopolies and market leading positions are harder than ever to dislodge. They sorta have to rot from within (Yahoo anyone?).
I expect Amazon will last a good long time. If it doesn’t exist by that name in a mere 32 years in 2055, it’ll be because of mergers and renames, not because the whole edifice has collapsed. IMO YMMV.
I use a password manager which randomly generates a different password for every site. I do have a few I use the random words on, and I love them because they are silly. If it’s a stupid site I’ll use the old, basic password but my important accounts, including email, use very strong, distinct passwords. I’m not entering them into that site to find out how strong they are!
That’s actually all I really need.
- There are four choices for the first word, three for the second, and two for the third (and then just one for the last word, of course).
Right order of magnitude, anyway.
itwasthebestoftimesitwastheblurstoftimes
300 undecillion years.
Sometimes all it takes to make a password stronger is a thousand monkeys working at a thousand typewriters.
Whew. Math is not my strong suit, so if I was off by an entire order of magnitude that would’ve really been embarrassing.
OMG! That’s the answer! 42 is actually the password!
I’ve never had a problem with Password123! either. But that’s pretty secure anyway, right? It’s got uppercase, lowercase, numbers, and a special character.
Absolutely. The hackers are busy trying things like 3@%dkap&ekjwo+!