There’s a really interesting article from Georgia Tech that talks about how the advanced computing power that’s readily available today may actually be making password length an even more important factor for creating a secure password. Using graphics processors, researchers are able to quickly, and cheaply, break 8 character passwords in a matter of hours. From the article:
Georgia Tech researchers are investigating whether this new calculating power might change the security landscape worldwide. They’re concerned that these desktop marvels might soon compromise a critical part of the world’s cyber-security infrastructure — password protection.
We’re big proponents of secure passwords here at StopSign, so this story really spoke to us. It confirms that any password less than 8 characters in length is pretty much useless, and even 8 character passwords are now not exactly cutting edge. The new recommendation for the total number of characters in a password? The article says:
…any password shorter than 12 characters could be vulnerable — if not now, soon
Brute force attacks on passwords that are 12 characters would currently take approximately 17,134 years, while an 11 character password would take around 180 years. It’s amazing what one character difference can make.
As usual, we recommend not only longer passwords, but also that you use a mix of uppercase and lowercase letters, as well as other characters and symbols such as the asterisk (“*“), hash sign (“#“), ampersand (“&“), and the like. Doing so will greatly increase the time it takes to break your password. For more on creating strong passwords, check out our article “12 Tips for Making a Good Password.“.