Your 8 character password is easily cracked!
Earlier this year, I wrote on another blog about the importance of having good, solid passwords - at that time (oh so long ago in May this year!), I suggested that 8 character passwords using upper and lowercase, numbers and special characters are good. And they still are... sort of. Despite an 8 character password having a whopping 6 quadrillion possibilities, Passwords^12, a security conference held in Oslo, Norway, during 3-5 December 2012, showed that it wasn't too hard to set up a system which could produce 350 billion password attempts per second! This renders an 8 character password crackable by brute force in about 6 hours.
Your 8 character PW cracked in 6 hours
Now, obviously, we don't all have such equipment lying round in our garage waiting for the next roadside recycling, but those intent on password cracking likely do, or something equivalent. So, it seems that we need to extend our passwords.
Dmitry Bestuzhev, of Kaspersky Lab, offers these suggestions:
- Use a different password for each different online resource. Never reuse the same password for different services. If you do, all or many of your other online accounts can be compromised.
- Use complex passwords. This means, in a perfect scenario, a combination of symbols, letters and special characters. The longer the better.
- Sometimes our online service providers don’t let us create really complex passwords, but try to use long passwords, with at least 23 characters in a combination of uppercase and lowercase letters. A password of 23 characters (131 bits) would be ok.
Thanks Dmitry, but no thanks. I won't go as far as saying I'll shoot myself if we actually end up needing passwords that complex, but I'm not rushing out to change all my sites over to 23 character ones either. Not that they are any less memorable than even an eight character one really, but I think 23 is a little over the top... for now.
Twelve character minimum
Wow, just 7 months ago I said 8, now I'm saying 12. In May next year, will I be coming back saying 23 after all? Maybe. Technology is exploding exponentially, but that, at least, is where passwords are somewhat keeping pace.
Adding just one more character to a password exponentially increases the possibilities. So a 12 character password doesn't have twice as many combinations as an 8 character one, but, in fact, about 78 million times as many. A 12 character PW gives about 400 octillion possibilities (that's 400 with 27 zeros after it) and that's what we use on our sites. We figure that, for now, that'll put off all but the really hardcore hackers, and we think it's unlikely those guys will be interested in our sites. But as for tomorrow... remember that the computers that guided Apollo 11 to the moon and back were only as powerful as today's calculators and ran on 64kb of memory!
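To check a password policy against the cracking rate quoted above, the sketch below (an added example, not part of the original post) computes keyspace, entropy in bits and worst-case exhaustive-search time for a given length and set of character classes. It assumes uniformly random passwords drawn from the 94 printable ASCII characters (no space) and a constant 350 billion guesses per second; the function names and the `POLICIES` list are illustrative.

```python
import math
import string

# Guess rate quoted in the post: 350 billion attempts per second.
GUESSES_PER_SECOND = 350e9

# Character classes a policy may allow (printable ASCII, space excluded).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}
ALL = ("lower", "upper", "digit", "symbol")

def alphabet_size(classes):
    return sum(len(CLASSES[c]) for c in classes)

def keyspace(length, classes):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size(classes) ** length

def entropy_bits(length, classes):
    """Entropy of a uniformly random password under this policy."""
    return length * math.log2(alphabet_size(classes))

def worst_case_seconds(length, classes, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; the average case is half of this."""
    return keyspace(length, classes) / rate

def humanize(seconds):
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

# Constructed policy list: the post's 8 and 12 character passwords and the
# 23 character upper/lowercase suggestion quoted from Dmitry Bestuzhev.
POLICIES = [(8, ALL), (12, ALL), (23, ("lower", "upper"))]

def report():
    return [(n, alphabet_size(c), round(entropy_bits(n, c), 1),
             humanize(worst_case_seconds(n, c))) for n, c in POLICIES]

if __name__ == "__main__":
    for n, size, bits, t in report():
        print(f"{n:>2} chars over {size} symbols: {bits:6.1f} bits, exhausted in {t}")
```

These are upper bounds for randomly generated passwords; passwords chosen by people tend to follow guessable patterns and fall much sooner, which is why length alone is not a substitute for a password manager and unique passwords per site.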