The password cracking process involves obtaining the site's stored password hash and recovering the original password from it with a password cracking application. These programs generally use a brute-force method, a wordlist method, or both. Brute force simply tries every possible combination in alphabetical order. The wordlist method uses a list of common words and number combinations as candidate passwords. The cracking program hashes each candidate and compares the result against the stored hash until it finds a match. The recovered password can then be used to gain unauthorized access to the account.
Running a password cracking tool against an actual website's login will not work, as nearly all sites now limit the number of invalid passwords that can be entered. Usually you get around 3-5 attempts before the site locks the account or makes you wait a specified amount of time before attempting to log in again.
Ars Technica performed another test after this, using three "cracking experts" to attempt to crack a list of over 16,000 passwords. One of the men was able to successfully retrieve 90% of all passwords in just 20 hours! Another got 82% in just a little over an hour and the other got 62% in an hour.
Passwords should never be less than 6 characters long and personally, I prefer 12 or more. As you can see by the chart above, a password of 7 characters, using a combination of numbers, letters and special characters, can be cracked in a little over a week. But look at the jump from 7 to 8 characters. Suddenly that week has turned into 27 months. A password of 12 characters or more would take astronomically longer than that to crack. But the problem is that people want convenience. They don't want to have to try to remember dT^Nsq#c*hl$bV when they can just remember something like MyFordRocks73 or iLuvJesus2013. These passwords will be cracked extremely fast. The Top 25 list of most commonly used passwords in 2012 is a chilling reminder of just how common the most popular passwords are. These passwords should NEVER be used. If you want to make sure your password isn't on any common list, avoid anything on the top 10,000 most commonly used passwords list as well. To find out how secure your password is, you can test it on sites such as https://howsecureismypassword.net/ which will tell you how strong it is and approximately how long it will take for a cracker to successfully crack it.
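The two points above, length versus brute-force time and why word-based passwords fall to wordlists regardless of length, can be checked with a small password audit. This is an added example, not code from the original article; the guess rate, the 12-character minimum (the author's stated preference) and both sample lists are assumptions constructed for illustration.

```python
import re
import string

# Assumption: offline guess rate for an attacker holding the hash (not from the article).
GUESSES_PER_SECOND = 100_000_000
# Letters, digits and special characters: 94 printable symbols.
CHARSET_SIZE = len(string.ascii_letters + string.digits + string.punctuation)

# Constructed samples; a real audit would load full common-password and word lists.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
WORDLIST = {"my", "ford", "rocks", "i", "luv", "jesus", "love"}


def brute_force_seconds(length, charset=CHARSET_SIZE, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of exactly `length` characters."""
    return charset ** length / rate


def splits_into_words(text, words=WORDLIST):
    """True if text is a concatenation of wordlist entries (dynamic programming)."""
    text = text.lower()
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return bool(text) and reachable[-1]


def audit_password(password, min_length=12):
    """Return the reasons a password is weak; an empty list means none were found."""
    findings = []
    if len(password) < min_length:
        findings.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("on common-password list")
    stem = re.sub(r"[\d\W_]+$", "", password)  # drop trailing digits and symbols
    if splits_into_words(stem):
        findings.append("dictionary words plus suffix")
    return findings


if __name__ == "__main__":
    for n in (7, 8, 12):
        print(n, "chars:", round(brute_force_seconds(n) / 86400, 1), "days worst case")
    for pw in ("MyFordRocks73", "iLuvJesus2013", "dT^Nsq#c*hl$bV", "password"):
        print(pw, "->", audit_password(pw) or "no findings")
```

Each extra character multiplies the brute-force time by the size of the character set, which is why the jump from 7 to 8 characters is so large, while the word-based passwords are flagged even though they are 13 characters long.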