Subtitles section Play video Print subtitles And then Sam and Frodo lived happily ever after The end. BOOM! My novel is complete. Hi there. Good to see you. My name is Jake Roper and now you might be asking yourself Jacob, why is half of your hair buzzed? Well that's a great question. It's not just because I really like the character Rodger from the show, Doug or Skrillex or any kind of combination of the two. It's because I'm working on a very secret project that looks like this. It's gonna be amazing. I'm very excited for it but again it is a secret. You know what else is a secret? Passwords. And that's what this DONG is all about. Passwords. How secure is your password? Could you make it better? Maybe? Probably. Let's find out with some DONGs, things that you can do online now guuuuys. Time that one out, Hannah. First things first, let's test how secure your password is. We'll go to howsecureismypassword.net and we featured this on a DONG before but it is a very useful in this situation. Let's try the password, michaelstevens. Oh look at that! It's gonna take about 51 years for a computer to crack but look what happens if we add a 2. Now it has gone up from 51 years to 175 thousand years. And sure Michael Stevens2 is not too difficult to remember but many internet users have more than one account and some even have close to 100. I mean I have a different password for every account that I have so it kinda gets a little bit difficult. But if you want to make strong passwords that are different for every account like moi it can be hard to keep them all together. That's where a service like LastPass comes in which I personally use and I've been using for years and they were also nice enough to sponsor this episode and support Vsauce and the DONG. Now LastPass is great because you don't have to memorize all your passwords. It stores all of them which is convenient but it also can autofill for you because I always do the thing where I type in a password and it's not the right one and I keep typing it in until I get locked out of my account. This autofills it because there are plugins for your browser and there's also an app for your phone which is very nice. Also it can generate random passwords for you which turn out to just be like a long string of numbers and letters which is good for security. And you can try LastPass for free for as long as you want. No credit card required. Link at the top of the description which is very nice. Now. Passwords. How secure are they really? Because in 2014 it was estimated that 47% of adults in the US had some personal information stolen. Now to find out we can use this hash generator. Hash values are generated by a one-way function so you can get the hash value if you have the password but not the password with just the hash value. A variety of these hash-generating algorithms exist But computerphile has a great video that breaks down how SHA-1, a hash function works. It has recently been replaced by more secure algorithms but it was widely used for many years. These irreversible functions don't mean a weak password will protect you from theft or fraud though and I'll explain why in a little bit. For now let's check the strength of yours. So let's type Michaelstevens into the hash generator. and this one uses SHA-1 but there are others as well. Ok so typed in michaelstevens. Here's our hash value. So let's just copy that. Now we can go to crackstation and see if it can figure out what our password was from the hash we copied in. Figured it out almost immediately. And that's not a huge surprise because crackstation draws from a 15-billion entry lookup table Now add 1.5 billion entries for the remaining algorithms. A lookup table is a storage format that lists passwords next to their corresponding hash values. It sounds tedious to create but when you realize that crackstation can decrypt 20 passwords at once in a matter of seconds it becomes easier to wrap your head around. And this brings me back to my point about the necessity of a strong password despite complex hashing algorithms. If you use a common one like “password” you can be pretty sure that somewhere within those 16.5 billion entries exists a hash value for password. So what if we now hash michaelstevens2? Adding a number helps because it is a very easy form of Salting. It adds a random string of characters, the salt, to the beginning or end of a password before it's hashed. It makes a password easier to crack because you can't use a lookup table since it's impossible to predict what the salt is. And if you were hoping for a generator to create a salted password well we've got you covered with Salt the Pass. So let's try one of those easily hackable passwords we used earlier, like password. Great. Now let's copy it and put it into crackstation. So I know what you're thinking, Jake, $$$michaelstevensfan345#2508 is too hard to remember. How do I stay safe from ill-intentioned people trying to steal all my stuff? Easy my friend, with pass phrases, a random collection of words like zebra dance onion parachute. But what if that isn't random? I mean for me it probably is because I've never been with all four of those things at the same time but what if I had? What if a hacker knows I love all of those things and can guess it? That's where diceware passphrase comes in. This method makes sure the words you choose are 100% random. Each word in the given list corresponds with 5 numbers. Roll a die five times, write down the digits, and select your first word. Now keep doing this until you get however many words you want. If that rolling seems a little too tedious for you then good news there's this dice simulator right here that lets you click a button for 5 rolls simultaneously. Please comment your 3 word passphrase below and also whatever salt you added to it. Now good luck finding it in a lookup table which by the way, may be an efficient strategy for nefarious people, but the drawback is that it takes up a lot of storage. For the low-storage hacking solution there's the brute-force method. You've probably heard of this technique before. It's essentially just trial and error. The hacker guesses different combinations of passwords until they get the correct one. And there are programs to make it go faster, like John the Ripper, but brute force is one of the slowest, most tedious methods. So we can actually check this out. If we got to betterbuys.com you'll see how quickly your password would be figured out using brute force. It's really cool to see how just by adding a few numbers you can increase the time it takes to hack by a matter of years or millennia or even infinity. You can also see how it would differ depending on the year and computer processing power. We're gonna set it to 2018 and it would take 135 millennia. Okay now if we make it password was it would take .2 milliseconds. But if this was the year 1982, it would take 39 jiffies. Which is fantastic because I love the word jiffy. A jiffy is an unspecified short period of time. So when people tell you they'll be back in a jiffy and they don't come back for years you can call them a liar. Still waiting for you to come back Michael Stevens. Said you were going to the grocery store and you never came back. Just left mom and I alone. Anyway, as technology evolves and hackers become more proficient, cracking passwords becomes faster and faster. The point of all of this let me close this we're gonna get a little one on one time. Point of this isn't to scare you really. One I think it's just kind of cool to see how secure your password is. And just play around with it. The other is that security is important on the internet. I get an email pretty much every day from one of my accounts saying that someones tried to reset my password. So that's why I think this is very valuable to investigate. Ya know? Do it with your friends. Check some passwords. That's what I do on a nice Friday night. Check for passwords. Wait for dad to come home and yes. So there's links to the DONGs down in the description If you wanna check out LastPass which I would highly recommend. I really really like their software. There's a link down there at the top of the description and what was that? Yeah. As always dad come home. Thanks for watching.