12 character passwords essential say experts

In a weekend news story on the CNN portal, reporter John D Sutter says that the Georgia Institute recommends that internet users should consider that a 12-character password is now the minimum.

If like many people, you find a 12-character password difficult to remember, the Institute also says that you can use a sentence, rather than a word/number sequence as an aide memoir.

Researchers at the Institute have reportedly used clusters of PCs with graphics cards – presumably running software from the likes of Elcomsoft, Infosecurity notes – to crack eight-character passwords in less than two hours.

But when the same methodology was applied to a 12-character passphrase, researchers found it would take more than 17 000 years to crack it.

"We've been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places", said Richard Boyd, a senior research scientist at the Georgia Tech Research Institute.

"Right now we can confidently say that a seven-character password is hopelessly inadequate, and as GPU power continues to go up every year, the threat will increase."

Interestingly, the researchers recommend the use of a 12-character password, rather than 11 or 13, "because that number strikes a balance between convenience and security."

"They assumed a sophisticated hacker might be able to try 1 trillion password combinations per second. In that scenario, it takes 180 years to crack an 11-character password, but there's a big jump when you add just one more character - 17,134 years", says CNN.

The researchers also say that, if a site allows you to create a password with non-letter characters, like "@y;}v%W$\5\" - then you should do so.

There are only 26 letters in the English alphabet, but there are 95 letters and symbols on a standard keyboard.

"More characters means more permutations, and it soon becomes more difficult to for a computer to generate the correct password just by guessing", says the online news report.

What’s hot on Infosecurity Magazine?