Author Topic: How secure is your password?  (Read 10789 times)

15 hours for my insecure pass that I use for things I don't care about
377 billion years for my secure pass

Badspot

  • Administrator


Sure just click a link on a forum, letting them know where you came from via referral, then enter your password.  What could go wrong.  You guys are geniuses. 


Who the hell would want to impersonate me? Think about it for a second.







why are you guys giving your password to some random site
i tried

3 septillion septuagintillion years

Now the only thing I'm curious about is what they think people would be using to crack these passwords.

But how will they know your username???????/

Badspot

  • Administrator

* Monitor referral traffic on phishing site
* Check referral sites for presence of common bulletin board software (smf, phpbb, etc)
* When bulletin board is found, scrape list of online users
* Later, try all of the passwords you got from that referral against the online user list at the time
* When you find a working password, use it to check what email the account registered with
* Attempt to login to email address using same password
* Use email access to get all of their other accounts
* Send phishing/malware email to their entire contact list

Badspot

  • Administrator
You could also concentrate on high-value targets.  Like any time you get a referral, try those passwords on the site's admin accounts, or try to SSH into the webserver using that password.  Way less likely to work but much higher payout, and hey, the whole thing is automated. 


Why hello Badspoot.

This calculator assumes 4 billion guesses per second, which is a....rather high number.
The thing that these types of calculators don't account for is that any decent software is going to lock you out for several minutes at least, after just a few incorrect attempts.
it is intentional. that means the number you're getting here is a worst-case scenario

Worst case is still way lower than 4 billion.
You wouldn't just need a computer that generates 4bil passwords per second (Ipquarx claimed a high end GPU could do 300mil).
You'd also need a network connection to the victim server with enough bandwidth to handle 4 billion requests a second. (Which would be several terabits per second)
And the server would need to be able to process those 4 billion requests per second.

And that's disregarding the fact that you'd need to wait for each request to be sent, processed, and responded to, before knowing if you got the right password. You could use asynchronous calls to do more than one at once... But not several billion at a time
« Last Edit: March 04, 2016, 12:50:57 AM by Headcrab Zombie »
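The gap between the calculator's rate and what a login form with lockout allows can be put in numbers. The sketch below is an added example, not code from any poster in this thread; the 4 billion and 300 million guesses-per-second figures are the ones quoted above, while the lockout policy (5 attempts per 300 seconds), the 500-byte request size and the sample password are assumptions.

```python
import string

CALCULATOR_RATE = 4e9   # guesses/s assumed by the calculator (figure from the thread)
GPU_RATE = 300e6        # guesses/s claimed for a high-end GPU (figure from the thread)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def keyspace(password):
    """Brute-force search space: (size of the character classes used) ** length.
    Characters outside the four ASCII classes are ignored by this estimate."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return alphabet ** len(password)

def lockout_rate(attempts, lockout_seconds):
    """Sustained guesses/s against one account when every `attempts`
    failures cost a `lockout_seconds` wait (assumed policy)."""
    return attempts / lockout_seconds

def worst_case_years(password, rate):
    """Years needed to try the whole keyspace at `rate` guesses per second."""
    return keyspace(password) / rate / SECONDS_PER_YEAR

def bandwidth_tbps(rate, bytes_per_request):
    """Network throughput needed to deliver `rate` login requests per second."""
    return rate * bytes_per_request * 8 / 1e12

def compare(password, attempts=5, lockout_seconds=300, bytes_per_request=500):
    """Offline figures versus an online attack throttled by lockout."""
    return {
        "keyspace": keyspace(password),
        "calculator_years": worst_case_years(password, CALCULATOR_RATE),
        "gpu_years": worst_case_years(password, GPU_RATE),
        "online_lockout_years": worst_case_years(
            password, lockout_rate(attempts, lockout_seconds)),
        "tbps_for_calculator_rate_online": bandwidth_tbps(
            CALCULATOR_RATE, bytes_per_request),
    }

if __name__ == "__main__":
    # Constructed sample password, not taken from the thread.
    for name, value in compare("abc12345").items():
        print(f"{name:34s} {value:.3g}")
```

The calculator's rate only describes offline guessing against a stolen hash; the lockout figure is what a live login form allows per account, and neither accounts for a reused password being tried directly.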

Considering my best friend and I have shared the same password for everything since we were like 5, not very secure at all.

A million years for the password I use for almost everything but here and gmail

Gmail is loving 22 septillion I ain't even kidding