1
00:00:00,200 --> 00:00:03,000
Passwords. Easily Explained.
2
00:00:03,000 --> 00:00:05,420
It has to be longer than 8 digits.
3
00:00:05,420 --> 00:00:07,340
It has to have capital letters.
4
00:00:07,340 --> 00:00:10,740
And don't forget numbers and special characters.
5
00:00:10,840 --> 00:00:12,680
And now, don't forget it.
6
00:00:12,780 --> 00:00:14,780
But never write it down!
7
00:00:14,780 --> 00:00:17,240
And please change it once a month of course.
8
00:00:17,240 --> 00:00:20,460
For every device and account a new one.
9
00:00:20,460 --> 00:00:25,020
Phew! Why does this "password thing" always have to be so complicated?
10
00:00:25,020 --> 00:00:29,520
How is it possible to come up with a password that is safe and easy to remember?
11
00:00:29,520 --> 00:00:32,800
For this purpose, it's good to understand how a password works
12
00:00:32,800 --> 00:00:34,800
and how it's cracked.
13
00:00:34,800 --> 00:00:38,820
You can imagine a password like the digits for a combination lock:
14
00:00:38,820 --> 00:00:41,680
And just like the digits here
15
00:00:41,680 --> 00:00:43,460
it's important that you don't use a combination
16
00:00:43,460 --> 00:00:46,440
that is easy to guess.
17
00:00:46,440 --> 00:00:47,360
Like your birthday.
18
00:00:47,360 --> 00:00:49,760
Or the name of your friend, child, pet.
19
00:00:49,760 --> 00:00:53,280
Researching these on the web is quite easy.
20
00:00:53,280 --> 00:00:55,660
The big difference to a combination lock is
21
00:00:55,660 --> 00:00:59,680
that the hard work of trying combinations can be done by a computer.
22
00:00:59,680 --> 00:01:03,260
If a machine tries to guess your password online
23
00:01:03,260 --> 00:01:06,400
it hopefully gets blocked after a couple of tries.
24
00:01:06,400 --> 00:01:08,160
But if that's not the case,
25
00:01:08,160 --> 00:01:11,500
when a database gets stolen
26
00:01:11,500 --> 00:01:13,500
for example.
27
00:01:13,500 --> 00:01:17,240
The computer will have direct access to the lock.
28
00:01:17,240 --> 00:01:19,180
Then even an old notebook
29
00:01:19,180 --> 00:01:22,400
can try billions of passwords every second.
30
00:01:22,400 --> 00:01:26,240
And of course the attackers start with a list of the most frequently used passwords.
31
00:01:26,240 --> 00:01:29,620
And then try every single word in any language
32
00:01:29,620 --> 00:01:34,400
slang and with variations by using dictionaries
33
00:01:34,400 --> 00:01:36,880
and encyclopedias. That only takes a couple of seconds.
34
00:01:36,880 --> 00:01:39,340
This is the reason why you should use an
35
00:01:39,340 --> 00:01:42,100
"uncommon combination" of
36
00:01:42,100 --> 00:01:44,560
letters, numbers and special characters.
37
00:01:44,560 --> 00:01:47,040
Then the computer has to "manually"
38
00:01:47,040 --> 00:01:50,340
try out every single combination.
39
00:01:50,340 --> 00:01:55,700
This is called a "brute force attack".
40
00:01:55,700 --> 00:01:59,460
And if your password has 10 letters
41
00:01:59,460 --> 00:02:01,280
it only takes a couple of hours
42
00:02:01,280 --> 00:02:03,980
until the combination is cracked.
43
00:02:03,980 --> 00:02:07,140
But if you just add one more letter
44
00:02:07,140 --> 00:02:09,600
it will take as long as twenty days.
45
00:02:09,600 --> 00:02:13,320
Because with every digit that you add, time increases exponentially.
46
00:02:13,320 --> 00:02:14,620
Five more digits
47
00:02:14,620 --> 00:02:19,460
and even ten computers need more than 2 400 years
48
00:02:19,460 --> 00:02:21,460
to crack your password.
49
00:02:21,460 --> 00:02:24,480
If you extend the "lock" also
50
00:02:24,480 --> 00:02:26,900
by making the "wheels" larger.
51
00:02:26,900 --> 00:02:29,580
By adding capital letters and numbers.
52
00:02:29,580 --> 00:02:33,360
Those ten computers would need around 1.1 billion years
53
00:02:33,360 --> 00:02:37,300
to crack a password with 15 digits.
54
00:02:37,300 --> 00:02:39,060
Unfortunately
55
00:02:39,060 --> 00:02:44,300
"nzb6Xrtc57l1mnk"
56
00:02:44,300 --> 00:02:46,600
is so hard to remember.
57
00:02:46,600 --> 00:02:48,400
That's why it's helpful
58
00:02:48,400 --> 00:02:50,600
to think of a "passphrase"
59
00:02:50,600 --> 00:02:53,440
instead of a password.
60
00:02:53,440 --> 00:02:55,900
Because phrases are easier to remember -
61
00:02:55,900 --> 00:02:59,540
and usually longer than words.
62
00:02:59,540 --> 00:03:00,920
For example
63
00:03:00,920 --> 00:03:05,720
"30dividedby10=Three"
64
00:03:05,720 --> 00:03:06,820
or:
65
00:03:06,820 --> 00:03:13,860
"A Passphrase features more security > a Password"
66
00:03:13,860 --> 00:03:15,600
or simply:
67
00:03:15,600 --> 00:03:20,540
"This is my Passphrase for E-Mails".
68
00:03:20,540 --> 00:03:23,000
With these you will have more than 15 digits
69
00:03:23,000 --> 00:03:24,720
small and capital letters
70
00:03:24,720 --> 00:03:27,600
and in most cases even special characters.
71
00:03:27,600 --> 00:03:30,600
Cracking such a passphrase with "brute force"
72
00:03:30,600 --> 00:03:33,480
takes at least a couple of thousand years.
73
00:03:33,480 --> 00:03:37,300
Yet you can easily remember it.
74
00:03:38,420 --> 00:03:43,820
Alright. Have fun coming up with your own phrases ;-)
75
00:03:43,820 --> 00:03:48,620
Because you shouldn't use the examples from this video
76
00:03:48,620 --> 00:03:50,620
alright... that's enough.
77
00:03:50,620 --> 00:03:52,620
It's enough.
78
00:03:52,620 --> 00:03:55,180
Thank you for watching.
79
00:03:55,180 --> 00:03:58,440
You can find more info and references
80
00:03:58,440 --> 00:04:01,480
concerning passphrases
81
00:04:01,540 --> 00:04:05,000
in the video description.
82
00:04:07,000 --> 00:04:09,360
I will stop talking now.
83
00:04:09,420 --> 00:04:12,900
...