Some people use the name of their first pet as their default internet password. Some use their wedding date. Some just use “12345.” And all of those people might as well have no password at all, experts say.
To stand up against modern hackers and their beefed up hardware, computer passwords need to be composed of at least 12 characters selected at random from all the numbers, letters and symbols on the keyboard, researchers have found.
Up until a few years ago, an eight-character long password with a mixture of numbers and letters would have provided relatively strong protection. However, the use of graphics processors and website-patrolling robots have given hackers the power needed to crack anything but the most complex password, said Richard Boyd, a senior researcher at Georgia Tech Research Institute.
“If eight characters is all you use, and if you restrict your characters to only alphabetic letters, it can be cracked in minutes,” Boyd told Life’s Little Mysteries. “I would say a password should be as long as you can reasonably remember, but 10to 12 at least.”
Hackers use two different kinds of tricks to break passwords.
The first technique matches the password against a dictionary of names, dates and other commonly used security phrases. If you used your birthday or a pet’s name, this method will find the password easily, Boyd said.
The second technique, called a “brute force” attack, tries every possible combination of letters and numbers until one works. Like trying every possible combination on a lock, this method takes a lot of time, but less now thanks to faster computers.
By extending the password length to 12 characters, a user can make a brute force attack take so long that the computer simply gives up and moves onto an easier target. And by completely randomizing the characters, a password can protect against the first kind of attack as well, Boyd said.
Stay away from “d9#$mMN30&*f,” though, that one’s taken.
Stuart Fox is a staff writer for TechNewsDaily, a sister site to Life’s Little Mysteries.