In 2014, I bought 25,000 dogecoins as a joke. In 2021, they were briefly worth over $17,000. The problem was that I couldn’t remember the password. Determined to get my coins back, I embarked on a journey that exposed me to online hackers, the math behind passwords, and a whole lot of frustration.
Although most people don’t have thousands of forgotten cryptocurrencies, everyone relies on passwords to manage their digital lives. And as more and more people buy crypto, how can they protect their assets? We spoke to a host of experts to find out how to create the best passwords for your digital accounts and, if you have crypto, what your basic storage trade-offs are. Let’s dive into it.
How to hack your own crypto wallet
There are several common ways to lose crypto. You might have a wallet on a hard drive you throw away. Your exchange could be hacked. You could lose your password, or you could get hacked personally and have your coins stolen. For those who lose their password, like I did, the hackers actually present a silver lining. If you are still in control of your wallet, you can try to hack your own wallet or find someone who will.
So I contacted David Bitcoin, an anonymous hacker famous for cracking crypto wallets. He agreed to help break into the wallet, for his standard 20% fee – paid only if he is successful. Dave and other hackers mainly use brute force techniques. Basically, they just guess passwords – lots of them.
After a bit of a wait, I received an email from Dave. “I’ve tried over 100 billion passwords on your wallet,” Dave told me over email. I assumed such a mind-boggling number of tries meant my coins were surely salvaged, but alas, we had only scratched the surface. The password was not cracked and my coins remained lost. But how?
The math behind strong passwords
Each new character in a password makes it exponentially harder to crack. Consider a one-character password that could be a letter or a number. If the password is case sensitive, there are 52 letters plus 10 numbers. Not very secure. You can simply guess the password by trying 62 times. (A, a, B, b, C, c … and so on).
Now make it a two-character password. It’s not twice as hard to guess – it becomes 62 times harder to guess. There are now 3884 possible passwords to guess (AA, Aa, AB, etc.). A six-character password with the same rules has about 56 billion possible permutations, assuming we don’t use special characters. A 20-character password with these rules has 62 to the power of 20 permutations, i.e. 704,423,425,546,998,022,968,330,264,616,370,176 possible passwords. That makes 100 billion seem pretty small in comparison.
This calculation was bad news for me, because I’m pretty sure I have some sort of long password, like a few lines of a song. Talk about facing the music.
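The arithmetic above, carried through as an added Python example (not part of the original article): it computes the keyspace for the article's 62-character alphabet and shows how far a budget of 100 billion guesses actually reaches. The function names are illustrative, and the code assumes passwords drawn uniformly at random from that alphabet.

```python
from fractions import Fraction
from math import log2

ALPHABET = 62                 # 52 case-sensitive letters + 10 digits, as in the article
GUESS_BUDGET = 100 * 10**9    # the 100 billion guesses mentioned in the article


def keyspace(length, alphabet=ALPHABET):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length


def cumulative_keyspace(max_length, alphabet=ALPHABET):
    """Number of passwords of every length from 1 up to `max_length`."""
    return sum(keyspace(n, alphabet) for n in range(1, max_length + 1))


def max_exhaustive_length(budget, alphabet=ALPHABET):
    """Longest length L such that ALL passwords of length <= L fit in `budget` guesses."""
    length, used = 0, 0
    while used + keyspace(length + 1, alphabet) <= budget:
        length += 1
        used += keyspace(length, alphabet)
    return length


def coverage(budget, length, alphabet=ALPHABET):
    """Exact fraction of the length-`length` keyspace that `budget` guesses can cover."""
    return min(Fraction(1), Fraction(budget, keyspace(length, alphabet)))


def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy of a uniformly random password of this length."""
    return length * log2(alphabet)


if __name__ == "__main__":
    print("longest length fully searched:", max_exhaustive_length(GUESS_BUDGET))
    for n in (1, 6, 8, 12, 20):
        print(f"len {n:2}: {keyspace(n):.3e} passwords, "
              f"{entropy_bits(n):6.1f} bits, "
              f"covered {float(coverage(GUESS_BUDGET, n)):.3e}")
```

Under these assumptions, 100 billion guesses exhaust every password of up to six characters but cover only a vanishing fraction of the 20-character space.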
Password Best Practices
Whether it’s for your email or your crypto wallet, how can you strike a balance between creating a strong and memorable password?
“Choosing passwords is tricky,” says Dave, “If you go out of your way to create an unusual password for your wallet that you wouldn’t usually use, then it’s going to be pretty hard for you to remember and for me to help you. It’s easier to guess your password if you use consistent patterns. Of course, it’s bad for security, and someone trying to hack into your accounts will have an easier time. Balancing the security with memorization is ultimately a difficult task that will depend on the needs and preferences of the individual.”