0:00:00.200,0:00:03.000
Passwords. Easily Explained.
0:00:03.000,0:00:05.420
It has to be longer than 8 digits.
0:00:05.420,0:00:07.340
It has to have capital letters.
0:00:07.340,0:00:10.740
And don't forget numbers and special characters.
0:00:10.840,0:00:12.680
And now, don't forget it.
0:00:12.780,0:00:14.780
But never write it down!
0:00:14.780,0:00:17.240
And please change it once a month of course.
0:00:17.240,0:00:20.460
For every device and account a new one.
0:00:20.460,0:00:25.020
Phew! Why does this "password thing" always have to be so complicated?
0:00:25.020,0:00:29.520
How is it possible to come up with a password that is safe and easy to remember?
0:00:29.520,0:00:32.800
For this purpose, it's good to understand how a password works
0:00:32.800,0:00:34.800
and how it's cracked.
0:00:34.800,0:00:38.820
You can imagine a password like the digits for a combination lock:
0:00:38.820,0:00:41.680
And just like the digits here
0:00:41.680,0:00:43.460
it's important that you don't use a combination
0:00:43.460,0:00:46.440
that is easy to guess.
0:00:46.440,0:00:47.360
Like your birthday.
0:00:47.360,0:00:49.760
Or the name of your friend, child, pet.
0:00:49.760,0:00:53.280
Researching these on the web is quite easy.
0:00:53.280,0:00:55.660
The big difference to a combination lock is
0:00:55.660,0:00:59.680
that the hard work of trying combinations can be done by a computer.
0:00:59.680,0:01:03.260
If a machine tries to guess your password online
0:01:03.260,0:01:06.400
it hopefully gets blocked after a couple of tries.
0:01:06.400,0:01:08.160
But if that's not the case,
0:01:08.160,0:01:11.500
when a database gets stolen
0:01:11.500,0:01:13.500
for example.
0:01:13.500,0:01:17.240
The computer will have direct access to the lock.
0:01:17.240,0:01:19.180
Then even an old notebook
0:01:19.180,0:01:22.400
can try billions of passwords every second.
0:01:22.400,0:01:26.240
And of course the attackers start with a list of the most frequently used passwords.
0:01:26.240,0:01:29.620
And then try every single word in any language
0:01:29.620,0:01:34.400
slang and with variations by using dictionaries
0:01:34.400,0:01:36.880
and encyclopedias. That only takes a couple of seconds.
0:01:36.880,0:01:39.340
This is the reason why you should use an
0:01:39.340,0:01:42.100
"uncommon combination" of
0:01:42.100,0:01:44.560
letters, numbers and special characters.
0:01:44.560,0:01:47.040
Then the computer has to "manually"
0:01:47.040,0:01:50.340
try out every single combination.
0:01:50.340,0:01:55.700
This is called a "brute force attack".
0:01:55.700,0:01:59.460
And if your password has 10 letters
0:01:59.460,0:02:01.280
it only takes a couple of hours
0:02:01.280,0:02:03.980
until the combination is cracked.
0:02:03.980,0:02:07.140
But if you just add one more letter
0:02:07.140,0:02:09.600
it will take as long as twenty days.
0:02:09.600,0:02:13.320
Because with every digit that you add, time increases exponentially.
0:02:13.320,0:02:14.620
Five more digits
0:02:14.620,0:02:19.460
and even ten computers need more than 2 400 years
0:02:19.460,0:02:21.460
to crack your password.
0:02:21.460,0:02:24.480
If you extend the "lock" also
0:02:24.480,0:02:26.900
by making the "wheels" larger.
0:02:26.900,0:02:29.580
By adding capital letters and numbers.
0:02:29.580,0:02:33.360
Those ten computers would need around 1.1 billion years
0:02:33.360,0:02:37.300
to crack a password with 15 digits.
0:02:37.300,0:02:39.060
Unfortunately
0:02:39.060,0:02:44.300
"nzb6Xrtc57l1mnk"
0:02:44.300,0:02:46.600
is so hard to remember.
0:02:46.600,0:02:48.400
That's why it's helpful
0:02:48.400,0:02:50.600
to think of a "passphrase"
0:02:50.600,0:02:53.440
instead of a password.
0:02:53.440,0:02:55.900
Because phrases are easier to remember -
0:02:55.900,0:02:59.540
and usually longer than words.
0:02:59.540,0:03:00.920
For example
0:03:00.920,0:03:05.720
"30dividedby10=Three"
0:03:05.720,0:03:06.820
or:
0:03:06.820,0:03:13.860
"A Passphrase features more security > a Password"
0:03:13.860,0:03:15.600
or simply:
0:03:15.600,0:03:20.540
"This is my Passphrase for E-Mails".
0:03:20.540,0:03:23.000
With these you will have more than 15 digits
0:03:23.000,0:03:24.720
small and capital letters
0:03:24.720,0:03:27.600
and in most cases even special characters.
0:03:27.600,0:03:30.600
Cracking such a passphrase with "brute force"
0:03:30.600,0:03:33.480
takes at least a couple of thousand years.
0:03:33.480,0:03:37.300
Yet you can easily remember it.
0:03:38.420,0:03:43.820
Alright. Have fun coming up with your own phrases ;-)
0:03:43.820,0:03:48.620
Because you shouldn't use the examples from this video
0:03:48.620,0:03:50.620
alright... that's enough.
0:03:50.620,0:03:52.620
It's enough.
0:03:52.620,0:03:55.180
Thank you for watching.
0:03:55.180,0:03:58.440
You can find more info and references
0:03:58.440,0:04:01.480
concerning passphrases
0:04:01.540,0:04:05.000
in the video description.
0:04:07.000,0:04:09.360
I will stop talking now.
0:04:09.420,0:04:12.900
...