Are you still using those 6 to 8 letter passwords? Then it's time for you to upgrade. According to a report published by the Georgia Institute of Technology, any password shorter than 12 characters is putting your online accounts at risk of being hacked.
The Georgia Tech crew came to this conclusion after using a Brute Force attack to crack passwords with different numbers of characters. The Brute Force attack was done with cheap computer graphics cards that can be programmed to do simple computations in a short period of time. They discovered that it only takes two hours for the processors in those cards to figure out 8-character passwords. When the same process was used to crack 12-character passwords, they found that it would take them 17,134 years!
These findings made it clear to Joshua Davis, a research scientist at Georgia Tech, that "The length of your password in some cases can dictate the vulnerability." The next question should be: "What happens if you use more than 8 characters but fewer than 12 characters for your password?" The researchers established that 12 is indeed the lucky number because it is a healthy balance between "convenience and security."
Tests on 11-character and even 13-character passwords did not prove as fruitful as the 12-character results. Even if a sophisticated hacker were to try 1 trillion password combinations per second, it would take 180 years to crack an 11-character password, thus putting the 12-character password in the first position with 17,134 years.
A senior research scientist who was also involved with the project, Richard Boyd, said that it's best to use the longest and most complex password a website will allow -- this way Brute Force attacks won't be that effective. It was also recommended that people make use of non-letter characters where they can [e.g. %@$*?]. The alphabet is made up of 26 letters; however, there are 95 letters and symbols on a standard keyboard, so make use of them all.
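The arithmetic behind these figures, as an added example that is not taken from the Georgia Tech report: it assumes an exhaustive search over all 95 keyboard characters at the 1 trillion guesses per second quoted above and a 365-day year, and the function names are illustrative. Under those assumptions the results line up with the two hours, 180 years and 17,134 years quoted above.

```python
# Added example: worst-case exhaustive-search time by password length and alphabet.
import string

GUESSES_PER_SECOND = 10**12          # rate quoted in the article
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumption: 365-day year

# Keyboard character classes: 26 + 26 + 10 + (32 symbols + space) = 95
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def alphabet_size(password):
    """Size of the class-based alphabet an attacker must cover for this password."""
    if any(all(ch not in c for c in CLASSES) for ch in password):
        raise ValueError("character outside the 95 printable ASCII set")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def seconds_to_exhaust(length, alphabet=95, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every string of exactly `length` characters."""
    return alphabet ** length / rate

def years_to_exhaust(length, alphabet=95, rate=GUESSES_PER_SECOND):
    return seconds_to_exhaust(length, alphabet, rate) / SECONDS_PER_YEAR

def min_length(target_years, alphabet=95, rate=GUESSES_PER_SECOND):
    """Shortest length whose full keyspace takes at least `target_years` to search."""
    n = 1
    while years_to_exhaust(n, alphabet, rate) < target_years:
        n += 1
    return n

if __name__ == "__main__":
    print(f"8 chars:  {seconds_to_exhaust(8) / 3600:.2f} hours")
    for n in (11, 12):
        print(f"{n} chars: {years_to_exhaust(n):,.0f} years")
    # A letters-only password must be much longer for the same resistance.
    print("lowercase-only length matching 12 mixed chars:",
          min_length(17_134, alphabet=26))
    # Constructed sample passwords showing how character classes change the alphabet.
    for pw in ("correcthorse", "C0rrect-Horse"):
        print(pw, "->", alphabet_size(pw), "possible characters per position")
```

These are upper bounds for a full search; on average a brute-force search finds the password after covering half the keyspace.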
Right next to the Brute Force attack is the Dictionary attack, which involves trying "every word in the dictionary" as a possible password for an encrypted message. Therefore, tech giants, such as Microsoft, advise the public not to use real words or logical combinations of letters as their passwords, but to mix them up.
Looking to the future, security experts believe that people will eventually have to use full sentences as their passwords. Unfortunately, even though advances in cheap computing power are making long, complicated passwords a necessity, not all websites will accommodate them, said Boyd. And even if most websites allowed for long complicated passwords, the biggest problem for people would definitely be remembering all these long-winded passwords.
A plausible solution to remembering such passwords has not yet been established, but once that is figured out, long complicated sentences will be the new Super Strong Password.
Are your online passwords weak? After reading this article, are you seriously considering changing your weak online passwords to super strong passwords?