eBay Employee Wins Password Cracking Contest, Provides Tips for a Strong Password

Password hackers from around the world gathered at the DEFCON information security conference in August to compete in KoreLogic’s annual “Crack Me If You Can” password cracking contest. Twenty-five teams from all over the globe tried to crack as many passwords as possible in a 48-hour period. Team Hashcat, which included eBay’s own Eric Milam, came out victorious and claimed the top prize with 46,751 cracks, versus 38,609 cracks for the second-place finisher, CynoSure Prime.

Tips

  • Passwords of 8 to 10 characters are extremely weak and can be easily cracked by a professional. Hacking pros were asked to crack two random passwords, and here are the results:
    • Password2015! – only took 36 seconds to crack.
    • eBayis#1 – took 1 minute and 56 seconds.
  • Pass phrases are better and stronger than passwords. Although they are longer, they are memorable and can be easy to type. A pass phrase is just a sequence of words, such as a simple sentence that you can easily remember. Here are some examples of strong pass phrases that are nearly impossible to crack:
    • Zombies ate my password!
    • U can,t krack this password? haha!

Security is everyone’s responsibility, and having a strong password is just one way to make sure you are doing your part to keep your information safe.