Get a Better Password
I've been listening to Steve Gibson (twitter.com/sggrc) of the Gibson Research Corporation for a long time - longer than I realized actually. Steve does a weekly podcast called Security Now over at the TWIT.tv network where he talks about weekly security issues as well as provides the equivalent of college-level courses on various computer-related topics. The podcast is currently at episode 303. It's weekly and I've been listening since episode 11....
I don't even want to do the math.
In the last episode, Steve talked about passwords and about how, in his research, he's discovered some things that will CHANGE the way we think about passwords. If you're like me, you want to find something memorable and something that's not too tedious to type in. But, the fact of the matter is, passwords like "abc123" or "mydogsname" are incredibly easy for people to guess and/or crack. The alternative from security-conscious people has been to use something utterly random like this "@34653;asdf9dDlads8pla;lk4hs;hjadfu04;4$pas34$". Completely secure, but impossible to remember without writing down. In itself, this is a security concern.
From what I've seen, the biggest obstacle so far has been people's disregard for the importance of their personal information. Take Facebook. Most people would say that I don't put anything on Facebook that I don't want people to know - email addresses, photos, other websites, etc. We certainly don't put our credit card information on there for the world to see. But all of this information is valuable to people looking for identities to steal - and we should be cautious of who we allow to aggregate information about us.
Our primary means to secure ourselves is the password. Sometimes it's hard to imagine that the only thing standing between me and an identity thief is a 12-character string.... but there you have it. Of course I want to make this hard for people to guess and easy for me to remember.
So, enter Steve's "Password Haystacks" page. This is an incredible tool to gauge how vulnerable your password is to cracking. I'd HIGHLY suggest going there and coming up with some passwords to see how long they would take to crack.
For example, "abc123" could be guessed in about 0.02 seconds.
In contrast, "oPen43)sesaME" (which is still very memorable) would take approximately 1.65 hundred thousand centuries to crack... at which point, you probably won't really care that much.
Go ahead and play with it. It's a neat tool and a great way to gauge whether it's time to change your password.
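The two figures quoted above can be reproduced with a short calculation, shown here as an added example that is not code from this post or from the Password Haystacks page. It assumes exhaustive search over every string up to the password's length, four character classes (26 lowercase, 26 uppercase, 10 digits, 33 symbols), 100 billion guesses per second and 365-day years; those assumptions are chosen because they match the numbers in the post.

```python
import string

# Assumed model (not stated in the post): the attacker tries every string
# of length 1..L built from the character classes the password uses.
CLASSES = [
    string.ascii_lowercase,    # 26
    string.ascii_uppercase,    # 26
    string.digits,             # 10
    string.punctuation + " ",  # 32 ASCII symbols plus space = 33
]
GUESSES_PER_SECOND = 10**11          # assumed offline guessing rate
SECONDS_PER_CENTURY = 100 * 365 * 24 * 3600  # assumed 365-day years


def alphabet_size(password):
    """Add up the size of each character class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Number of candidate strings of length 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n**k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return search_space(password) / rate


def centuries_to_exhaust(password, rate=GUESSES_PER_SECOND):
    return seconds_to_exhaust(password, rate) / SECONDS_PER_CENTURY


if __name__ == "__main__":
    for pw in ("abc123", "oPen43)sesaME"):  # the two passwords from the post
        print(f"{pw!r}: alphabet={alphabet_size(pw)} "
              f"space={search_space(pw):.3e} "
              f"seconds={seconds_to_exhaust(pw):.3g} "
              f"centuries={centuries_to_exhaust(pw):.3g}")
```

The estimate covers exhaustive search only, so a password that appears in a dictionary or a leaked list can fall much sooner than its length and character mix suggest.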

