![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_4fVAHiz9To-m38IltkK9wl7hw6J9Apx8ksX4rx6xIb66OPaLZzYkwOK5Vh86zEci8H-L5fYwS4ky04QK9EW0NLTZuinufx6H3cptRRB0n81sHraJyNu4T8EhawO9rlpWHjgHhrP-zhJ5/s320/passwords01.png)
By now most of us have seen the "password strength" estimators when creating a new account on websites. That's handy but it's not nearly as eye-opening as the "
time needed to crack your password" tool over at
howsecureismypassword.net.
Just enter your password -- or, preferably, a password that's
similar-to-but-different-than any password you actually use -- and the tool estimates how long it would take a standard PC to
crack your password. Although there are a number of advanced password-cracking techniques in common use (such as
rainbow tables) the estimate appears to be based purely on the simple
brute force method. This means the estimate is actually a
best-case scenario -- a real world password cracking attempt is likely to take even less time.
And, yes, that "3 hours" estimate shown in the screenshot *is* the result of me testing a password similar to the passwords I get using my favorite password generation method. Time to rethink my password strategy...