Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Short passwords 'hopelessly inadequate', say boffins

17 Aug 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Short passwords 'hopelessly inadequate', say boffins

Quote:

The availability of password-cracking tools based on increasingly powerful graphics processors means that even carefully chosen short passwords are liable to crack under a brute-force attack.

A password of less than seven characters will soon be "hopelessly inadequate" even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The security researchers recommend passwords at least 12 characters long.

The number crunching abilities of graphics processors were recently applied to commercial password auditing and recovery tools from Russian developer ElcomSoft. It's a safe assumption that black hats are able to use the same type of technology for less laudable purposes. Richard Boyd, of the Georgia Tech Research Institute, told the BBC that the number-crunching capacity of graphics cards compares to those of supercomputers built only 10 years ago.

More -
Short passwords 'hopelessly inadequate', say boffins • The Register

My System SpecsSystem Spec
.

17 Aug 2010   #2

Windows 7 Home Premium x64
 
 

If my 21 digit alpha numeric passwords are inadequate, then I think somethings terribly wrong .
I used to have a habit of using short passwords like you just suggested not doing . Then my website got hacked and that was lesson learnt. Moral of the story, don't overreact and use super long passwords or very short ones .
My System SpecsSystem Spec
17 Aug 2010   #3

Windows 7 Home Premium 64 bit
 
 

12, 21. Would it really make any difference with current technology. If they want to get in they will. It'll just take a few milliseconds longer surely?
My System SpecsSystem Spec
.


17 Aug 2010   #4

Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by johnwillyums View Post
12, 21. Would it really make any difference with current technology. If they want to get in they will. It'll just take a few milliseconds longer surely?
By brute force, it would take around 1.75 times longer to crack a 21 alphanumeric password compared to a 12 alphanumeric password.

If people remember combinatorics from middle school, they would know that using a password with only alpha characters can substantially cut down the time required to crack a password. For example:

A 12 letter password using only alpha: 12*26! combinations or 4.8*10^27
A 12 letter password using alpha and digits: 12*36! combinations or 4.5*10^42

By mixing in numbers to your password, you increased the number of possible combinations by ~937,500,000,000,000 times.
My System SpecsSystem Spec
17 Aug 2010   #5

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

There are four character groups that should be included in strong passwords

Lower case letters
Upper case Letters
Numbers
& Symbols

with a 12 character passwords the combinations do grow substantially

Even the simple "password" is harder to crack when it's "pA$sw0rD"
My System SpecsSystem Spec
17 Aug 2010   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Use a 'made-up' phrase or sentence for a password, being sure to mix it up.
My System SpecsSystem Spec
17 Aug 2010   #7

Windows 7 Home Premium x64
 
 

I use an alphanumeric password, but it's a far cry from exceeding 12 digits. I do have a much longer numeric key that I use for super sensitive stuff. Personally, there should be no digit minimums on passwords (like sites that say at least 6 characters, or whatever), because that just serves to narrow down the number of possibilities a bruteforce hacker has to try. For example, security people say hackers often try dictionary words first. If a site requires you to have at least a 6-character password, then that eliminates all the words in the dictionary that are five letters or less (which REALLY narrows it down).

I think the best an average Internet user can do is a) choose a password that is both letters and numbers (and symbols if you like), b) choose a password that is not directly associated with your identity (no family members' names, no friends' names, etc), and c) never EVER let anyone hear/see anything about your password, not the length, not the subject, not a hint, NOTHING. By doing so, you will drastically reduce someone's chances of hacking it. Even telling someone how LONG your password is only serves to radically lower the number of tries it would take them to get in.
My System SpecsSystem Spec
18 Aug 2010   #8

Windows 2000 5.0 Build 2195
 
 

Awww. I only have like 6 characters as a password. Makes remembering easier. Gee.

And my password is: ツღ金Ƹ̴Ӂ̴Ʒ
My System SpecsSystem Spec
18 Aug 2010   #9

Windows 7 Ultimate 32 bit
 
 

Passwords are like locks; they don't deter the determined.
My System SpecsSystem Spec
19 Aug 2010   #10

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

Carl,

I prefer to think of them more like car and house alarms - they tend to stop the opportunist thief, and even the more determined is more likely to move along to the next more easily accessable target.

One other thing I tend to do is not advertise - full stealth on systems means that as far as the outside world is concerned my system does not exist. To use the above analogy - I draw the shades when I'm not at home
My System SpecsSystem Spec
Reply

 Short passwords 'hopelessly inadequate', say boffins




Thread Tools



Similar help and support threads for2: Short passwords 'hopelessly inadequate', say boffins
Thread Forum
Boffins: We have FOOLED APPLE with malware app Security News
Sounds cut short Sound & Audio
Short-cut issue General Discussion
WMP 12 - Short pause at end of MP3/WMA Music, Pictures & Video
Inadequate Hardware? Hardware & Devices
Boffins boast newfangled rootkit blocker System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:22 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33