Introduction
It would not be an exaggeration if I stated that every single, or nearly every single, article involving accoca talks about password strength. At this point, logging in to various websites and apps with usernames and passwords happens daily for almost everyone in the world. In fact, for a future article, I’m taking it upon myself to track how many times in a single day I log into a system. This includes a password manager like accoca, a banking app, website, or any other time a system is accepting login credentials. I plan to tally each instance throughout the day to attempt to quantify the daily password exposure of someone who uses computers extensively.
In this article we’re exploring various password strengths using a website called PasswordMonster to predict the time required to ‘crack’ our sample passwords. The purpose is not to perfectly predict password strength. As the user djasonpenney pointed out in this Reddit article from 3 years ago, sites like PasswordMonster almost always overestimate a password’s randomness. Stated another way, if a user’s pet dog ‘Woofy’ is used in some combination of letters, numbers, and symbols, the software might classify it as a strong password. If targeting a specific user, any hacker worth their salt will search social media for those kinds of password clues. Birthdays, pets, recent or current address numbers—anything that makes memorizing a password easier for the user. Under those circumstances, it’s likely a would-be hacker knows about ‘Woofy’, and will use it in various combinations to guess the password.
Woofy is the name of a fake dog Arnold Schwarzenegger gives to the T-1000 to confirm if John Connor’s parents are still alive in the film Terminator 2. They weren’t. Let’s get into it!
Previous Articles
Below are links to some of Sola’s other articles about accoca. The articles take less than 5 minutes to read and help provide insight into both the purpose of accoca as an app and how to generate difficult to hack passwords.
What is a Password Manager (Vault)
How to Generate Strong Passwords
Where to Download
accoca is available on the Apple App Store—linked below. A couple of key features to note: the app is free to use and Sola of America, Inc. does not collect any personal data from its users. For those wanting to unlock unlimited entries, OCR text detection, and customizable, auto-generated passwords, accoca offers a $7.99 lifetime purchase price. The fully unlocked version can be restored on another device by logging in with the same AppleID.
NOTE: At the time of writing this article, accoca’s lifetime purchase price remains $7.99. A price increase is coming later this summer as Sola invests in improvements to the app. If you haven’t unlocked the complete version, do so now before the price increase!
accoca’s Password Settings
Referring to the gallery of screen captures below, adjusting accoca’s password generator settings is a straightforward process. After navigating to the add screen for a new login, tap the empty space next to the password field. Keep in mind, the auto generation option is only available on the paid version of accoca. Once the cursor is in the password field, the auto generation text will appear above the on-screen keyboard. Keep an eye out for it as the text is a bit small.
Modifying the parameters of generated passwords requires only a few taps. Auto-generated passwords can be changed to include or exclude lower-case letters [a – z], upper-case letters [A – Z], numbers [0 – 9], and symbols [#$%&()*+-/]. Below the toggle buttons is an option for Length. If the password is truly a mix of letters, numbers, and symbols, even an 8- or 10-character password would take years to break. The process could be sped up if the bad actor was sure of 1 or 2 of the characters but on the whole, those passwords represent secure passwords. 14-character or longer passwords are even more robust.
My personal recommendation as the author is to use 14 or more. We’ve spoken at length in previous articles about how devastating even a single email account breach could be. Assuredly, countless personal documents and identifying information are housed there, especially if used for years—like most accounts. While some providers force the user to adhere to rigid password requirements, most do not. When in doubt, err on the side of caution and elect more as opposed to less complexity.
Sample Passwords for Testing in Part 2
Using the auto generation function we generated several passwords, all 14-characters in length, with varying parameters. The most complicated password included all four of the character options toggled. The second-most complicated removed symbols and the third-most complicated excluded both symbols and numbers from the generated password. We’ll also come up with simpler-to-hack password combinations ourselves. It is necessary to put passwords with easily recognizable names, figures, or number combinations against the more complicated.
My personal prediction as the author is that the name and number only combination passwords can/could be guessed in days. The auto-generated passwords with all parameters active would likely take years, including hundreds of thousands or above 1 million years to crack. I will explain below.
A Small Statistics Lesson
To better understand password difficulty, we should understand a basic statistical principle. Let’s assume we have a board in front of us with 3 lights. Like a television, each light can only be Red, Green, or Blue at any given time. To figure out the total possible combinations of lights on the board we must multiple each light’s options by the total numbers of lights. Explained another way…
- Light 1 can only be Red, Green, or Blue = 3 possible colors
- Light 2 is the same. It can only be Red, Green, or Blue at any given time = 3 possible colors
- Light 3 is the same as the first two, which means it also = 3 color options
- Light 1 (3 possibilities) x Light 2 (3 possibilities) x Light 3 (3 possibilities) = 9 total possible color combinations
- 3 x 3 x 3 = 9 total color combinations for the board of lights
Now! If we assume that any piece of our 14-character password can be an upper-case letter, lower-case letter, number, or symbol… that means each piece has 72 total combinations. 26 upper-case letters, 26 lower-case letters, 10 numbers, and 10 symbols = 72. 72 ^ 14 = 72 to the power of 14, meaning 72 multiplied by itself 14 different times equals a staggering 100,613,197,241,791,537,106,386,944 total combinations. There are so many possible combinations most people cannot even count that high.
To be continued…
It is my sincere hope this article is written in such a way that it’s easily understandable for the reader. If not, please drop a comment below and let me know so I can change the phrasing or reduce the complexity. Stay tuned for Part 2 coming soon where we test each password’s strength!
Where to Download
accoca is available on the Apple App Store—linked below. A couple of key features to note: the app is free to use and Sola of America, Inc. does not collect any personal data from app users. For those wanting to unlock unlimited entries, OCR text detection, and customizable, auto-generated passwords, accoca offers a $7.99 lifetime purchase price. The fully unlocked version can be restored on another device by logging in with the same AppleID.
NOTE: At the time of writing this article, accoca’s lifetime purchase price remains $7.99. A price increase is coming later this summer as Sola invests in improvements to the app. If you haven’t unlocked the complete version, do so now before the price increase!
Leave a Reply