
How a tiny change to your password will make the “time to crack” jump from 2.4 days to 2.1 CENTURIES

By on April 1, 2010

Passwords are a pain.

As all of us move to creating games (or media) as a service, we need to think about how to help keep passwords secure for our users.

And because most people use the same passwords everywhere (say, for their online games, forums, and their bank), password strength is critical.

John Pozadzides over at Lifehacker has this to say:

“Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.”
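The arithmetic behind the two figures quoted above, as an added example (not code from this post or from the Lifehacker article). It assumes an exhaustive search at 1,000,000 guesses per second, the rate implied by the 2.4-day figure, and takes "all possible characters" to mean the 95 printable ASCII characters; the tier list and sample passwords are constructed for illustration.

```python
import string

# Assumption: 1,000,000 guesses/second, the rate implied by the quoted
# "2.4 days" for 8 lowercase characters (26**8 / 1e6 seconds).
GUESSES_PER_SECOND = 1_000_000

# Assumption: the search alphabet widens in tiers, and "all possible
# characters" means the 95 printable ASCII characters (space included).
TIERS = [
    ("digits", string.digits),
    ("lowercase", string.ascii_lowercase),
    ("letters", string.ascii_letters),
    ("alphanumeric", string.ascii_letters + string.digits),
    ("printable", string.ascii_letters + string.digits + string.punctuation + " "),
]


def search_alphabet(password):
    """Return (tier name, size) of the smallest tier covering every character."""
    for name, chars in TIERS:
        if set(password) <= set(chars):
            return name, len(chars)
    raise ValueError("password contains characters outside printable ASCII")


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over its tier."""
    _, size = search_alphabet(password)
    return size ** len(password) / rate


def humanize(seconds):
    """Render a duration in the largest unit that keeps the value >= 1."""
    year = 365.25 * 86400
    units = [("centuries", 100 * year), ("years", year),
             ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the post.
    for pw in ["sunshine", "Sunshin*", "sunshine1", "sunshineday"]:
        tier, size = search_alphabet(pw)
        cost = humanize(seconds_to_exhaust(pw))
        print(f"{pw!r:14} {tier:12} {size:2}^{len(pw):<2} {cost}")
```

These are worst-case exhaustive-search times only: a password that appears in a wordlist falls far sooner whatever its character mix, and three extra lowercase letters reach the same order of magnitude as the capital-plus-asterisk change.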

He made that stark difference even more clear in the chart below:

I think that it is important for all of us that we think about this on a personal level.

Professionally, though, I’m not so sure. I get annoyed with sites that force me to pick a “secure” password, especially if I don’t have a meaningful relationship with them yet. “Let me use a standard, easy to remember, low-strength password, if I want to,” is what I think.

But I do think you should let people use lower AND uppercase letters. The few sites that don’t let me do that *really* annoy me.

What do you think? How much pressure should we put on our users to use secure passwords?

About Nicholas Lovell

Nicholas is the founder of Gamesbrief, a blog dedicated to the business of games. It aims to be informative, authoritative and above all helpful to developers grappling with business strategy. He is the author of a growing list of books about making money in the games industry and other digital media, including How to Publish a Game and Design Rules for Free-to-Play Games, and Penguin-published title The Curve: