ASHRAE Society

The Chatter. eBay's blog.

Safety tip: "Passwords are like underwear...

Posted by John McDonald on November 09, 2007 at 02:55 PM in Customer Support Tips , General , Tips & Strategies , Trust & Safety Corner | Permalink

Johnm_post...change yours often."

Did I get your attention? GOOD!

As the guy in charge of Trust & Safety messaging, you might say my job is an uphill battle.  Safety messages are, to be blunt, boring. (This is also one of the reasons why we're making our Security Center friendlier and more inviting.)

Most serious content on the vitally important subject of password security (including eBay's Help page, I'll admit) reads like mom's admonishment to "eat your vegetables" or "clean up your room." We roll our eyes and inwardly groan, "Not another litany about passwords...I know, mom! I KNOW!!"

We often feel like the messages are for someone else. We might even feel a bit patronized by them. "Of COURSE I use strong passwords, duh! My passwords are NOT my birthday, my pet's name, my favorite sports team, or the word 'password123,' so what could possibly go wrong?" we say.

Password_2 Well, plenty.

We can thank the University of Wyoming for taking the subject of password security out of the realm of broccoli and room cleaning. Evidently someone there knows how to grab the attention of the notoriously capricious student mind. Heck, introduce underwear into the conversation - that time-honored, giggle-inducing topic we learn to love in kindergarten - and you make even the most apathetic of users sit up and read. We all are kids at heart, after all.

The picture is from U-Dub's brilliant page on Using Strong Passwords. Once you're done chuckling over the underwear analogies, you'll find that the information is pretty darn serious.

How fast can someone guess your password?
We all know that the bad guys behind phishing and identity theft scams are out to steal our passwords, but thinking that they're hunched over their computers trying out different combinations manually to arrive at our passwords is wrong.

These crooks write software programs that can "guess" passwords far more easily and quickly than you might think. Even desktop personal computers have now become powerful enough that they can process 100,000 encryption operations per second. And here's a sobering statistic: according to the University of Wyoming, if your password has 5 characters and uses only lower-case letters, it can be cracked in under 2 minutes. If it's 6 characters, it takes a bit longer, but it can still be cracked in under an hour!

Times_to_crack_passwords


















The good news is that the longer and more complex your password is, the harder it gets for these rogue software programs to even come close to cracking it.

For instance, if you have an 8-character password that uses a combination of upper and lower case, it will take 17 years of computer processing to crack that password. If you add just one more character to your password, you're significantly upping the ante - the University of Wyoming says that it will take over 800 years to crack a 9 character password made up of upper and lower case letters. And if you throw numerals into the mix as well, the rogue programs will have to grind away even longer.

Is your password strong?
Gif_challenge eBay has technology that detects whether your password is "strong" or not. If you have a password that our technology identifies as prone to being cracked by known patterns used by password-guessing tools, we present an additional layer of authentication to prevent your password from being broken. Remember how sometimes you see a combination of squiggly letters and numbers when you're signing in to your account? A password-guessing program can't recognize those characters, but a person - i.e. you - can. Despite this additional layer of protection, I'd still say that everyone should change their passwords often, at least every 30 to 60 days.

So here are some tips I urge you to use:

  1. Read the University of Wyoming page and chuckle over the underwear references (or frown and say "Tsk! tsk!", if you're a mom).
  2. Carefully read the serious information about creating a strong password.
  3. Read eBay's Help page, as well.
  4. Visit our remodeled and friendlier Security Center for more useful information on staying safe online.
  5. Review all your passwords and change them frequently.

Otherwise, you may end up getting a password wedgie.

XHTML 1.1 Compliant  CSS2 compliant  Web Accessible

This website strives to be cross-platform, cross-browser and ADA compliant. This site has been tested with the latest versions of Internet Explorer, Mozilla-based browsers, Opera, and Konqueror, but has not been tested with text-only browsers. This site is designed for viewing at 800 x 600, but is best viewed at a resolution of 1024 x 768 or greater. If you have difficulty viewing this site, contact the webmaster.

This web site is maintained by the Dayton Chapter of the American Society of Heating, Refrigerating and Air Conditioning Engineers, Inc. (ASHRAE). It does not present official positions of the Society nor reflect Society policy. ASHRAE chapters may not act for the Society and the information presented here has not had Society review. To learn more about ASHRAE activities on an international level, contact the ASHRAE home page at http://www.ashrae.org

Website questions or comments? Contact Russell Marcks
Last Updated 3 May 2014