
20100816 stronger passwords

Phil Lembo edited this page Jan 17, 2019 · 5 revisions

title: Stronger passwords
link:
author: lembobro
description:
post_id: 127
created: 2010/08/16 23:29:31
created_gmt: 2010/08/16 23:29:31
comment_status: open
post_name: stronger-passwords
status: publish
post_type: post

Stronger passwords

From a new report on how much better the odds now are for brute-force password attacks that employ modern processors. The main point: anything less than 7 characters is crazy, and even 12 may be vulnerable without some compositional complexity.

Quoting Georgia Tech’s Richard Boyd:

“Right now we can confidently say that a seven-character password is hopelessly inadequate,” said Mr Boyd, “and as GPU power continues to go up every year, the threat will increase.”

A better alternative, he suggested, would be a 12-character combination of upper and lower case letters, symbols and digits.

Ultimately, suggest the researchers, users may be forced to rely on whole sentences that are a mix of different sorts of characters to ensure no-one else can guess their password and get at online services.

It is long past time for everyone to convert from ridiculously weak passwords to more complex passphrases, trading in hacker bait like “sunny” for the more sophisticated “Th3SunAls0Ri$es”.
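To put numbers on the difference between those two passwords, here is an added example (not part of the original post or the report) that estimates the exhaustive-search keyspace from a password's length and the character classes it uses. The guess rate `ASSUMED_GUESSES_PER_SEC` is an illustrative assumption, not a figure from the report, and the function names are hypothetical.

```python
import math
import string

# Character classes a brute-force search has to cover (printable ASCII).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 characters
}

# Assumption for illustration only; not a figure taken from the report.
ASSUMED_GUESSES_PER_SEC = 1e9


def alphabet_size(password):
    """Size of the smallest class-based alphabet that contains the password."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Characters outside the four classes (spaces, non-ASCII) count once each.
    extra = {c for c in password
             if not any(c in chars for chars in CLASSES.values())}
    return size + len(extra)


def keyspace(password):
    """Candidates tried by a search over every length up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SEC):
    """Time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def report(password):
    # This models pure brute force only; dictionary and pattern-based
    # guessing are not modelled, so treat the result as an upper bound.
    bits = math.log2(keyspace(password))
    secs = worst_case_seconds(password)
    return (f"{password!r}: alphabet={alphabet_size(password)} "
            f"bits={bits:.1f} worst_case={secs:.3g}s")


if __name__ == "__main__":
    for pw in ("sunny", "Th3SunAls0Ri$es"):   # the two examples from the post
        print(report(pw))
```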

Now all we have to do is start pressuring recalcitrant IT managers (and security software vendors) to remove all caps on password length and invest in major user education efforts.

Copyright 2004-2019 Phil Lembo
