WEBVTT
00:00:00.200 --> 00:00:03.000
Passwords. Easily Explained.
00:00:03.000 --> 00:00:05.420
It has to be longer than 8 digits.
00:00:05.420 --> 00:00:07.340
It has to have capital letters.
00:00:07.340 --> 00:00:10.740
And don't forget numbers and special characters.
00:00:10.840 --> 00:00:12.680
And now, don't forget it.
00:00:12.780 --> 00:00:14.780
But never write it down!
00:00:14.780 --> 00:00:17.240
And please change it once a month of course.
00:00:17.240 --> 00:00:20.460
For every device and account a new one.
00:00:20.460 --> 00:00:25.020
Phew! Why does this "password thing" always have to be so complicated?
00:00:25.020 --> 00:00:29.520
How is it possible to come up with a password that is safe and easy to remember?
00:00:29.520 --> 00:00:32.800
For this purpose, it's good to understand how a password works
00:00:32.800 --> 00:00:34.800
and how it's cracked.
00:00:34.800 --> 00:00:38.820
You can imagine a password like the digits for a combination lock:
00:00:38.820 --> 00:00:41.680
And just like the digits here
00:00:41.680 --> 00:00:43.460
it's important that you don't use a combination
00:00:43.460 --> 00:00:46.440
that is easy to guess.
00:00:46.440 --> 00:00:47.360
Like your birthday.
00:00:47.360 --> 00:00:49.760
Or the name of your friend, child, pet.
00:00:49.760 --> 00:00:53.280
Researching these on the web is quite easy.
00:00:53.280 --> 00:00:55.660
The big difference to a combination lock is
00:00:55.660 --> 00:00:59.680
that the hard work of trying combinations can be done by a computer.
00:00:59.680 --> 00:01:03.260
If a machine tries to guess your password online
00:01:03.260 --> 00:01:06.400
it hopefully gets blocked after a couple of tries.
00:01:06.400 --> 00:01:08.160
But if that's not the case,
00:01:08.160 --> 00:01:11.500
when a database gets stolen
00:01:11.500 --> 00:01:13.500
for example.
00:01:13.500 --> 00:01:17.240
The computer will have direct access to the lock.
00:01:17.240 --> 00:01:19.180
Then even an old notebook
00:01:19.180 --> 00:01:22.400
can try billions of passwords every second.
00:01:22.400 --> 00:01:26.240
And of course the attackers start with a list of the most frequently used passwords.
00:01:26.240 --> 00:01:29.620
And then try every single word in any language
00:01:29.620 --> 00:01:34.400
slang and with variations by using dictionaries
00:01:34.400 --> 00:01:36.880
and encyclopedias. That only takes a couple of seconds.
00:01:36.880 --> 00:01:39.340
This is the reason why you should use an
00:01:39.340 --> 00:01:42.100
"uncommon combination" of
00:01:42.100 --> 00:01:44.560
letters, numbers and special characters.
00:01:44.560 --> 00:01:47.040
Then the computer has to "manually"
00:01:47.040 --> 00:01:50.340
try out every single combination.
00:01:50.340 --> 00:01:55.700
This is called a "brute force attack".
00:01:55.700 --> 00:01:59.460
And if your password has 10 letters
00:01:59.460 --> 00:02:01.280
it only takes a couple of hours
00:02:01.280 --> 00:02:03.980
until the combination is cracked.
00:02:03.980 --> 00:02:07.140
But if you just add one more letter
00:02:07.140 --> 00:02:09.600
it will take as long as twenty days.
00:02:09.600 --> 00:02:13.320
Because with every digit that you add, time increases exponentially.
00:02:13.320 --> 00:02:14.620
Five more digits
00:02:14.620 --> 00:02:19.460
and even ten computers need more than 2 400 years
00:02:19.460 --> 00:02:21.460
to crack your password.
00:02:21.460 --> 00:02:24.480
If you extend the "lock" also
00:02:24.480 --> 00:02:26.900
by making the "wheels" larger.
00:02:26.900 --> 00:02:29.580
By adding capital letters and numbers.
00:02:29.580 --> 00:02:33.360
Those ten computers would need around 1.1 billion years
00:02:33.360 --> 00:02:37.300
to crack a password with 15 digits.
00:02:37.300 --> 00:02:39.060
Unfortunately
00:02:39.060 --> 00:02:44.300
"nzb6Xrtc57l1mnk"
00:02:44.300 --> 00:02:46.600
is so hard to remember.
00:02:46.600 --> 00:02:48.400
That's why it's helpful
00:02:48.400 --> 00:02:50.600
to think of a "passphrase"
00:02:50.600 --> 00:02:53.440
instead of a password.
00:02:53.440 --> 00:02:55.900
Because phrases are easier to remember -
00:02:55.900 --> 00:02:59.540
and usually longer than words.
00:02:59.540 --> 00:03:00.920
For example
00:03:00.920 --> 00:03:05.720
"30dividedby10=Three"
00:03:05.720 --> 00:03:06.820
or:
00:03:06.820 --> 00:03:13.860
"A Passphrase features more security > a Password"
00:03:13.860 --> 00:03:15.600
or simply:
00:03:15.600 --> 00:03:20.540
"This is my Passphrase for E-Mails".
00:03:20.540 --> 00:03:23.000
With these you will have more than 15 digits
00:03:23.000 --> 00:03:24.720
small and capital letters
00:03:24.720 --> 00:03:27.600
and in most cases even special characters.
00:03:27.600 --> 00:03:30.600
Cracking such a passphrase with "brute force"
00:03:30.600 --> 00:03:33.480
takes at least a couple of thousand years.
00:03:33.480 --> 00:03:37.300
Yet you can easily remember it.
00:03:38.420 --> 00:03:43.820
Alright. Have fun coming up with your own phrases ;-)
00:03:43.820 --> 00:03:48.620
Because you shouldn't use the examples from this video
00:03:48.620 --> 00:03:50.620
Alright... that's enough.
00:03:50.620 --> 00:03:52.620
It's enough.
00:03:52.620 --> 00:03:55.180
Thank you for watching.
00:03:55.180 --> 00:03:58.440
You can find more info and references
00:03:58.440 --> 00:04:01.480
concerning passphrases
00:04:01.540 --> 00:04:05.000
in the video description.
00:04:07.000 --> 00:04:09.360
I will stop talking now.
00:04:09.420 --> 00:04:12.900
...