Short passwords 'hopelessly inadequate', say boffins



    Posted: 17 Aug 2010

    The availability of password-cracking tools based on increasingly powerful graphics processors means that even carefully chosen short passwords are liable to crack under a brute-force attack.

    A password of less than seven characters will soon be "hopelessly inadequate" even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The security researchers recommend passwords at least 12 characters long.

    The number-crunching abilities of graphics processors were recently applied to commercial password auditing and recovery tools from Russian developer ElcomSoft. It's a safe assumption that black hats are able to use the same type of technology for less laudable purposes. Richard Boyd, of the Georgia Tech Research Institute, told the BBC that the number-crunching capacity of graphics cards compares to that of supercomputers built only 10 years ago.

    More: Short passwords 'hopelessly inadequate', say boffins • The Register
    Posted By: JMH
    17 Aug 2010



  1. Posts : 279
    Windows 7 Home Premium x64
       #1

    If my 21 digit alphanumeric passwords are inadequate, then I think something's terribly wrong.
    I used to have a habit of using short passwords like you just suggested not doing. Then my website got hacked and that was a lesson learnt. Moral of the story, don't overreact and use super long passwords or very short ones.


  2. Posts : 4,663
    Windows 7 Home Premium 64 bit
       #2

    12, 21. Would it really make any difference with current technology? If they want to get in they will. It'll just take a few milliseconds longer surely?


  3. Posts : 91
    Windows 7 Professional x64
       #3

    johnwillyums said:
        12, 21. Would it really make any difference with current technology? If they want to get in they will. It'll just take a few milliseconds longer surely?

    By brute force, it would take around 1.75 times longer to crack a 21 alphanumeric password compared to a 12 alphanumeric password.

    If people remember combinatorics from middle school, they would know that using a password with only alpha characters can substantially cut down the time required to crack a password. For example:

    A 12 letter password using only alpha: 12*26! combinations or 4.8*10^27
    A 12 letter password using alpha and digits: 12*36! combinations or 4.5*10^42

    By mixing in numbers to your password, you increased the number of possible combinations by ~937,500,000,000,000 times.


  4. Posts : 31,242
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #4

    There are four character groups that should be included in strong passwords:

    Lower case letters
    Upper case letters
    Numbers
    & Symbols

    With a 12 character password the combinations do grow substantially.

    Even the simple "password" is harder to crack when it's "pA$sw0rD"
      My Computers
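
Added example (not part of any post in this thread): the brute-force arithmetic discussed in posts #3 and #4, worked through in Python. An exhaustive search over an alphabet of N symbols tries N^L candidates at length L; the wordlist, substitution map, sample passwords and guess rate below are constructed assumptions for illustration.

```python
import string

# The four character groups named in post #4, as printable ASCII.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed sample data: a tiny wordlist and a common-substitution map.
WORDLIST = {"password", "letmein", "dragon"}
UNLEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "l", "3": "e"})

# Assumed guess rate, for illustration only (not a figure from the article).
ASSUMED_GUESSES_PER_SEC = 1e9


def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    return sum(len(chars) for chars in CLASSES
               if any(c in chars for c in password))


def keyspace(alphabet, length):
    """Candidates an exhaustive search tries over all lengths 1..length."""
    return sum(alphabet ** n for n in range(1, length + 1))


def years_to_exhaust(alphabet, length, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case search time in years at the assumed guess rate."""
    return keyspace(alphabet, length) / rate / (365 * 24 * 3600)


def is_disguised_word(password):
    """True if undoing case and common substitutions gives a wordlist entry."""
    return password.lower().translate(UNLEET) in WORDLIST


def assess(password):
    """Brute-force keyspace plus the dictionary check a policy should apply."""
    n = alphabet_size(password)
    return {"alphabet": n, "keyspace": keyspace(n, len(password)),
            "disguised_word": is_disguised_word(password)}


if __name__ == "__main__":
    for pw in ("password", "pA$sw0rD", "kq7#Vd2!xLp9"):  # constructed samples
        print(pw, assess(pw))
    for length in (7, 12):  # the two lengths the article mentions
        print(length, "chars, 94 symbols:", years_to_exhaust(94, length), "years")
```

A password flagged as `disguised_word` should be rejected by a policy check regardless of its nominal keyspace, because that figure only describes exhaustive search.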


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Use a 'made-up' phrase or sentence for a password, being sure to mix it up.


  6. Posts : 872
    Windows 7 Home Premium x64
       #6

    I use an alphanumeric password, but it's a far cry from exceeding 12 digits. I do have a much longer numeric key that I use for super sensitive stuff. Personally, there should be no digit minimums on passwords (like sites that say at least 6 characters, or whatever), because that just serves to narrow down the number of possibilities a bruteforce hacker has to try. For example, security people say hackers often try dictionary words first. If a site requires you to have at least a 6-character password, then that eliminates all the words in the dictionary that are five letters or less (which REALLY narrows it down).

    I think the best an average Internet user can do is a) choose a password that is both letters and numbers (and symbols if you like), b) choose a password that is not directly associated with your identity (no family members' names, no friends' names, etc), and c) never EVER let anyone hear/see anything about your password, not the length, not the subject, not a hint, NOTHING. By doing so, you will drastically reduce someone's chances of hacking it. Even telling someone how LONG your password is only serves to radically lower the number of tries it would take them to get in.


  7. Posts : 761
    Windows 2000 5.0 Build 2195
       #7

    Awww. I only have like 6 characters as a password. Makes remembering easier. Gee.

    And my password is: ツღ金Ƹ̴Ӂ̴Ʒ


  8. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #8

    Passwords are like locks; they don't deter the determined.


  9. Posts : 31,242
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #9

    Carl,

    I prefer to think of them more like car and house alarms - they tend to stop the opportunist thief, and even the more determined is more likely to move along to the next more easily accessible target.

    One other thing I tend to do is not advertise - full stealth on systems means that as far as the outside world is concerned my system does not exist. To use the above analogy - I draw the shades when I'm not at home.


 