12 character passwords essential say experts

In a weekend news story on the CNN portal, reporter John D Sutter says that the Georgia Institute recommends that internet users should consider that a 12-character password is now the minimum.

If, like many people, you find a 12-character password difficult to remember, the Institute also says that you can use a sentence, rather than a word/number sequence, as an aide-mémoire.

Researchers at the Institute have reportedly used clusters of PCs with graphics cards – presumably running software from the likes of Elcomsoft, Infosecurity notes – to crack eight-character passwords in less than two hours.

But when the same methodology was applied to a 12-character passphrase, researchers found it would take more than 17 000 years to crack it.

"We've been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places", said Richard Boyd, a senior research scientist at the Georgia Tech Research Institute.

"Right now we can confidently say that a seven-character password is hopelessly inadequate, and as GPU power continues to go up every year, the threat will increase."

Interestingly, the researchers recommend the use of a 12-character password, rather than 11 or 13, "because that number strikes a balance between convenience and security."

"They assumed a sophisticated hacker might be able to try 1 trillion password combinations per second. In that scenario, it takes 180 years to crack an 11-character password, but there's a big jump when you add just one more character - 17,134 years", says CNN.

The researchers also say that, if a site allows you to create a password with non-letter characters, like "@y;}v%W$\5\" - then you should do so.

There are only 26 letters in the English alphabet, but there are 95 letters and symbols on a standard keyboard.

"More characters means more permutations, and it soon becomes more difficult for a computer to generate the correct password just by guessing", says the online news report.
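The arithmetic behind the quoted figures can be reproduced directly. The following is an added example, not code from the article or the researchers; it assumes a 365-day year, a worst-case search of the full keyspace, and passwords whose characters are chosen uniformly at random, and the function names are hypothetical.

```python
# Added example: exhaustive-search arithmetic for the figures quoted above.
# Assumptions (not stated in the article): 365-day year, attacker must try the
# whole keyspace, every character chosen independently and uniformly.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60
GUESSES_PER_SECOND = 10**12   # the article's "1 trillion" combinations per second
KEYBOARD = 95                 # letters and symbols on a standard keyboard
LETTERS = 26                  # English alphabet, single case


def keyspace(alphabet: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    if alphabet < 2 or length < 1:
        raise ValueError("alphabet must be >= 2 and length >= 1")
    return alphabet ** length


def seconds_to_exhaust(alphabet: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to try every password at `rate` guesses/second."""
    return keyspace(alphabet, length) / rate


def years_to_exhaust(alphabet: int, length: int,
                     rate: int = GUESSES_PER_SECOND) -> float:
    """Same as seconds_to_exhaust, expressed in 365-day years."""
    return seconds_to_exhaust(alphabet, length, rate) / SECONDS_PER_YEAR


def min_length(alphabet: int, target_years: int,
               rate: int = GUESSES_PER_SECOND) -> int:
    """Shortest length whose full keyspace takes at least `target_years`."""
    needed = target_years * SECONDS_PER_YEAR * rate  # exact integer guess count
    length = 1
    while keyspace(alphabet, length) < needed:
        length += 1
    return length


if __name__ == "__main__":
    for n in (8, 11, 12):
        print(f"{n} chars, 95 symbols: {seconds_to_exhaust(KEYBOARD, n) / 3600:,.1f} h"
              f" = {years_to_exhaust(KEYBOARD, n):,.1f} years")
    # How long a letters-only password must be to match 12 keyboard characters.
    print("letters-only length for 17,134 years:", min_length(LETTERS, 17134))
```

Each extra character multiplies the search time by the alphabet size, which is why the step from 11 to 12 characters is a factor of 95, and why a password drawn from only 26 letters needs 17 characters to match 12 drawn from the full keyboard.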