Cybersecurity Blog

Twelve character passwords are now being hacked on a regular basis. 08/01/2023

For years you have been hearing that a strong password is greater than 8 characters long, has uppercase letters, lowercase letters, numbers and symbols. Today that is no longer the case. The threat actors now have computing power and tools that allow them to brute force hack any 8 character password in less than a day.

So how long should your password be? Well that depends on whether you have created the password yourself or have had a password manager do it. According to experts, if you generate the password yourself, it has to be 20 characters long. If you have a password manager generate a random one for you, then it only needs to be 12 characters long.

Why the discrepancy? The thought is the human brain cannot generate a random enough password to keep criminals out. We tend to use dictionary words and dates making it easier for these types of passwords to be cracked. In comparison, a password manager generates a completely random combination of characters which is much more secure.

I know what you are thinking, isn’t 20 characters overkill? Well, we have had multiple accounts on campus brute force hacked in the past year. The passwords were unique, were used nowhere else, had 12 characters or less and included all the recommended characters. There was no way that the passwords could have been stolen from elsewhere. A brute force hack is the only explanation of how the accounts were compromised.

A 20 character password may be secure, but if you are trying to come up with a single word that is that long, it can be bloody hard. The whole process is easier if you use four random words that have meaning to you, but would be nonsensical to anyone else. Once you have your words, insert a number into each one and capitalize one letter in the word. You can use spaces as your special character or replace the spaces with a special character. For example, "saddlepad blue shiny bay" becomes "s4addlepaD#b4luE#s4hinY#b4aY".

To make it easy to remember, I insert the same number in the same place, capitalize the last letter and replace the spaces with the same symbol. The result is a monster password that will take years to crack but can be remembered.
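As an added worked example (not code from the blog), the recipe above is implemented so it reproduces the post's own sample passphrase, alongside two keyspace estimators that show why an 8-character random password falls in under a day while a 12-character one from a password manager does not, and why the strength of a word-based passphrase rests on the words rather than the fixed decorations. The guess rate and the 100,000-word dictionary size are assumptions, not figures from the post.

```python
import string

# Assumed guess rate for an offline attack on a fast, unsalted hash
# (illustrative figure, not from the post).
ASSUMED_GUESSES_PER_SEC = 1e11
# Letters, digits, punctuation and space: the 95 printable ASCII characters.
PRINTABLE_CHARSET = len(string.ascii_letters + string.digits + string.punctuation + " ")


def passphrase_from_words(words, digit="4", position=1, separator="#"):
    """Apply the post's recipe: insert the same digit at the same position in
    every word, capitalise the last letter, and join the words with one symbol."""
    decorated = []
    for word in words:
        word = word[:position] + digit + word[position:]   # e.g. saddlepad -> s4addlepad
        word = word[:-1] + word[-1].upper()                 # e.g. s4addlepad -> s4addlepaD
        decorated.append(word)
    return separator.join(decorated)


def worst_case_days(length, charset=PRINTABLE_CHARSET, rate=ASSUMED_GUESSES_PER_SEC):
    """Days needed to try every string of `length` characters drawn uniformly
    from `charset` symbols, i.e. what a password manager actually produces."""
    return charset ** length / rate / 86400


def word_based_days(n_words, dictionary_size, rate=ASSUMED_GUESSES_PER_SEC):
    """Same estimate if whole words are guessed instead of characters.
    A fixed digit, position and separator only multiply the count by a small
    constant, so they are left out; the words themselves carry the strength."""
    return dictionary_size ** n_words / rate / 86400


if __name__ == "__main__":
    example = passphrase_from_words(["saddlepad", "blue", "shiny", "bay"])
    print(example, len(example))                         # 28-character result
    for n in (8, 12, 20):
        print(f"{n} random printable characters: {worst_case_days(n):.3g} days")
    # Constructed dictionary size of 100,000 common words.
    print(f"4 dictionary words: {word_based_days(4, 100_000):.3g} days")
```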

While having a 20 character password will keep your accounts safe for now, it won’t be long before we will need 33 character passwords or longer. To add an extra layer of security, enable multi-factor authentication on all your accounts so that if your passwords are cracked, the attackers won’t be able to gain access.
