One of the key elements in securing our data and our identities is the use of strong passwords. Using passwords that can’t be guessed—unlike the perennial favorites 123456 or password—helps ensure that hackers and cybercriminals can’t access your computer, mobile device, or websites where you’ve created accounts, and can’t steal your identity to pretend to be you, or empty your bank account.
Simple passwords can be cracked using brute force; this is where an attacker uses tools that try every possible password until the correct one is found. This is generally done using a dictionary attack, where an attacker will try known passwords and words until they find the one that unlocks an account. There are databases available on the internet that contain personal names as well as dictionary and slang words, in scores of languages, along with passwords found in data breaches, and more. One such database that I found through a simple web search contains 1.4 billion entries.
But many people use unique, random passwords, such as m3*9V-jh&3W (which I just generated with my password manager), and these passwords are generally not found in databases—unless you use them for multiple websites, and one of those sites has been breached. (This is why you should never reuse the same password for more than one account.) Cracking this sort of password requires much more computing power. Estimates vary, but, as an example, cracking the password above would take a couple hundred thousand years using a standard computer, or a few years using a supercomputer or botnet.
But what will happen when quantum computers become more common? These passwords could be cracked in minutes, or even seconds.
Read the rest of the article on The Mac Security Blog.