In 2014, I bought 25,000 dogecoins as a joke. By 2021, they were briefly worth more than $17,000. The problem was that I couldn’t remember the password. Determined to get my coins back, I embarked on a journey that involved online hackers, password math, and a lot of frustration.
While most people don’t have thousands in forgotten cryptocurrency, everyone relies on passwords to manage their digital lives. And as more and more people buy crypto, how can they protect their assets? We talked to a bunch of experts to find out how to create the best passwords for your digital accounts, and if you have crypto, what the trade-offs are for your stash. Let’s dive in.
How to hack your own crypto wallet
There are several common ways to lose crypto. You may have a wallet on a hard drive that you throw away. Your exchange may be hacked. You may lose your password, or you may be personally hacked and your coins stolen. For those who have lost their password like me, hackers are indeed a silver lining. If you are still in control of your wallet, you can try to hack your own wallet or find someone who will.
So I contacted Dave Bitcoin, an anonymous hacker known for hacking crypto wallets. He agreed to help crack the wallet for his standard 20 percent fee, which is paid only if successful. Dave and other hackers mostly use brute force techniques. Basically, they just guess passwords – lots of them.
You can also try to hack your own wallet with programs like Pywallet or John the Ripper. But I didn’t want to do it myself, so I sent Dave a list of possible passwords and he got started.
After a short wait, I received an email from Dave. “I’ve tried over 100 billion passwords on your wallet,” Dave told me via email. I assumed that this staggering number of attempts meant that my coins would surely be found, but alas, we had only scratched the surface. The password was not cracked and my coins remained lost. But how?
The math of strong passwords
Each new character in a password makes it exponentially harder to crack. Consider a one-character password that can be either a letter or a number. If the password is case sensitive, there are 52 letters and 10 numbers to choose from. Not very safe. You can easily guess the password in 62 tries. (A, a, B, b, C, c … and so on).
Now make it a two-character password. It doesn’t get twice as hard to guess – it gets 62 times harder to guess. Now there are 3884 passwords to guess (AA, Aa, AB, etc.). A six-character password with the same rules has about 56 billion possible permutations, assuming we don’t use special characters. A 20-character password with these rules has 62 to the power of 20 permutations: that’s 704,423,425,546,998,022,968,330,264,616,370,176 possible passwords. So 100 billion looks pretty small in comparison.
This math was bad news for me, as I’m pretty sure I had some kind of long password, like a few lines of song lyrics. Talk about facing the music.
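To put the 100 billion guesses next to the 62-character math above, here is an added example (not part of the original article) that works out how far that guess budget reaches. It assumes uniformly random passwords and blind enumeration of every shorter password first; the function names are illustrative.

```python
from fractions import Fraction

ALPHABET = 62                 # 52 case-sensitive letters + 10 digits, as in the text
GUESS_BUDGET = 100 * 10**9    # the "over 100 billion" attempts quoted in the article


def keyspace(length, alphabet=ALPHABET):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length


def cumulative_keyspace(max_length, alphabet=ALPHABET):
    """Number of passwords of every length from 1 up to `max_length`."""
    return sum(keyspace(n, alphabet) for n in range(1, max_length + 1))


def longest_exhaustible(guesses, alphabet=ALPHABET):
    """Longest length L for which all passwords of length 1..L fit in `guesses`."""
    length = 0
    while cumulative_keyspace(length + 1, alphabet) <= guesses:
        length += 1
    return length


def coverage(guesses, length, alphabet=ALPHABET):
    """Fraction of the exact-length keyspace that `guesses` can cover (capped at 1)."""
    return min(Fraction(1), Fraction(guesses, keyspace(length, alphabet)))


if __name__ == "__main__":
    limit = longest_exhaustible(GUESS_BUDGET)
    print(f"{GUESS_BUDGET:,} guesses exhaust every password up to {limit} characters")
    for n in (1, 6, 20):
        share = coverage(GUESS_BUDGET, n)
        print(f"length {n:>2}: {keyspace(n):,} candidates, "
              f"budget covers {float(share):.3e} of them")
```

Guessing from a list of likely candidates, as described earlier in the article, is a different problem: the budget is then spent on a chosen subset rather than the whole keyspace.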
Whether it’s for your email or crypto wallet, how can you balance creating a strong password that’s also memorable?
“Choosing passwords is a tricky business,” says Dave. “If you go out of your way to create an unusual password for your wallet that you don’t normally use, you’ll have a hard time remembering it, and I’ll have a hard time helping you. It’s easier to guess your password if you use consistent patterns. Of course, this is bad for security and makes it easier for someone trying to hack your accounts.” Balancing security and memorability is a difficult task that will depend on individual needs and preferences.