A friend and colleague recently wrote a great piece on Internet security and privacy best practices, which will eventually be posted on the Cocoon website. Reading it got me thinking: just how strong are various passwords?
Hopefully most people know not to use passwords that are associated with something that can be traced directly back to them with just a bit of research. Birthdates, names of pets, spouse’s name, etc. can all be figured out with a bit of social engineering or access to your Facebook page.
But how effective are words themselves? What about mixed upper and lower case? What if you toss in some numbers? How long would a password-cracking program take to figure them out?
Let’s take a look from info gathered here:
Obviously, the quality of the password cracking code and the amount of computing power will affect the speed of cracking the password. This website breaks it down into six different classes, “A” through “F” with “F” being the best. For my purpose I’m going to use “C”. Good, but not the best.
If your password is 5 characters long and uses . . .
- The full alphabet but doesn’t mix upper and lowercase, the time to “crack” = 12 seconds.
- The full alphabet and numbers 0 through 9 but doesn’t mix upper and lowercase, the time to “crack” = 1 minute.
- The full alphabet and numbers with mixed case, time to “crack” = 15 minutes.
- If we combine the alphabet, numbers, mixed case and use 6 characters instead of 5, time to “crack” jumps to 16 hours.
- If we go to 8 characters and throw in symbols like # % & *, the time to “crack” jumps to 94 years!
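The arithmetic behind figures like these, as an added example that is not from the original post or the website it cites: the worst-case time is the number of possible passwords divided by the guess rate. The rate of one million guesses per second is an assumption inferred from the 5- and 6-character figures above; the 8-character result depends on how many symbols are counted, which the post does not state, so this sketch uses Python's 32 ASCII punctuation characters.

```python
import string

# Assumption: one million guesses per second, the rate that reproduces the
# 5- and 6-character figures in the list (26**5 / 12 s is about 1e6).
GUESSES_PER_SECOND = 1_000_000

# Character classes an exhaustive search has to cover once one is in use.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # 32 symbols; the cited site's set may differ
}
ALLOWED = set("".join(CLASSES.values()))


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    used = set(password)
    if not used or used - ALLOWED:
        raise ValueError("expects a non-empty password of printable ASCII, no spaces")
    return sum(len(chars) for chars in CLASSES.values() if used & set(chars))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length and alphabet.

    This is an upper bound that only holds for random passwords: dictionary
    words and reused passwords are guessed long before the space is exhausted.
    """
    return alphabet_size(password) ** len(password) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits, rounded."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for name, span in units:
        if seconds >= span:
            value = round(seconds / span)
            return f"{value} {name if value != 1 else name[:-1]}"
    return f"{round(seconds)} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, one per row of the list above.
    for sample in ("hello", "hell0", "Hell0", "Hell0w", "Hell0w#!"):
        print(f"{sample!r}: alphabet {alphabet_size(sample)}, "
              f"{humanize(seconds_to_exhaust(sample))}")
```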
Bottom line, you need at least 6 characters, a mix of numbers and cases, and toss in a special character for good measure. And one more thing, don’t use the same password for every website.
Wow. It’s not easy out there! Stay tuned for more info on best internet security practices.