A recent password safety study shows how long it would take a hacker to crack your passwords—saying that any 8-character password can be guessed in less than 40 minutes!
Importance of Creating Strong Passwords
Digital technology is changing the way people work, using the cloud, AI, blockchain, the Internet of Things, and more.
In order to prevent unauthorised access to your computer and personal information, passwords serve as the first line of defence.
A strong password allows your computer to be better shielded from hackers and harmful software. Therefore, all of your online accounts should have secure passwords.
While passwords aren’t the only method to keep your information safe, a strong and unique password is the best way to stay safe online.
Alex Nette, CEO and co-founder of Hive Systems
Password Safety
Based on the length and complexity of a password, cybersecurity company Hive Systems’ experts developed a colourful chart to illustrate the relative strength of the password against a brute force cracking attack.
The information is based on how long it would take a hacker with average resources to decode your password hash.
8 Characters Password No Longer Enough
According to the study, passwords with six characters can be instantly cracked, regardless of whether numbers and symbols are included.
The same is true for passwords that are 7 or 8 characters long and only contain numbers or lowercase letters. This shows how easy it is for someone to break into an online login!
However, using 18 characters made up of numbers, upper and lower case letters & symbols will ensure that your password won’t be guessed for 438 trillion years!
Trivia: World Password Day is observed annually on the first Thursday in May!
The study also discovered that technological developments over the past two years have drastically reduced the time it takes to break a password using brute force.
In 2020, it took 8 hours to crack an 8-character password; today, it takes less than 40 minutes. The increased accessibility of cloud computing has contributed to this change.
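The arithmetic behind a chart like this one, as an added example (it is not Hive Systems' code or data): worst-case brute-force time is alphabet size raised to the password length, divided by the attacker's guess rate. The guess rate and the 32-character symbol set are assumptions, so the printed times will not reproduce the study's figures; the last function shows how many extra random characters cancel the 8-hours-to-40-minutes speedup.

```python
import math
import string

# Character classes as on the chart. The 32-character symbol set
# (string.punctuation) is an assumption, not the study's exact set.
CLASSES = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "symbols": string.punctuation,
}
ASSUMED_RATE = 1e12  # guesses per second; constructed value, not from the study

def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    known = "".join(CLASSES.values())
    if not password or any(c not in known for c in password):
        raise ValueError("empty password or character outside the modelled classes")
    return sum(len(cs) for cs in CLASSES.values() if any(c in cs for c in password))

def worst_case_seconds(length, alphabet, rate=ASSUMED_RATE):
    """Time to try every candidate; only meaningful for random passwords."""
    return alphabet ** length / rate

def chars_to_offset(speedup, alphabet):
    """Extra random characters needed to cancel an attacker speedup."""
    return math.ceil(math.log(speedup) / math.log(alphabet))

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    for sample in ("48213907", "qhzmwtbe", "qH7!mW2#", "qH7!mW2#xR9$kL4@pT"):  # constructed
        a = alphabet_size(sample)
        t = worst_case_seconds(len(sample), a)
        print(f"{len(sample):2d} chars, alphabet {a:2d}: {humanize(t)}")
    # 8 hours -> 40 minutes for the same keyspace implies roughly a 12x faster attacker
    speedup = (8 * 3600) / (40 * 60)
    for a in (10, 26, 94):
        print(f"alphabet {a}: +{chars_to_offset(speedup, a)} char(s) offsets {speedup:.0f}x")
```

Each added character multiplies the search space by the alphabet size, which is why length outpaces hardware gains in this model.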
DOs & DON’Ts For Password Safety
DOs
- Use a mix of numbers, capital and lowercase characters & symbols when creating passwords.
- Instead of using passwords, use passphrases of at least 14 characters that are simple to remember.
- Make sure to set strong, unique passwords for all your accounts.
- Ensure 2-factor authentication is enabled, especially for accounts holding sensitive data.
- Create random passwords using a safe password generator.
- Use a password manager to create strong passwords and store them securely, and set up a long and difficult passphrase for your password vault.
DON’Ts
- Never use the same password across various accounts.
- Never use passwords that contain information found on social media profiles such as names of spouse or pet, date of birth, etc.
- Avoid dictionary words and popular passwords in your passwords.
Limitations Of The Study
- The implied attack presupposes that MFA is not being utilised or has been bypassed.
- These statistics suppose that passwords are generated at random.
- These stats assume that you’re using a password that hasn’t previously been cracked.
- This method of password cracking assumes the attacker has acquired a hash digest of one or more passwords, like those discovered in password data breaches on HaveIBeenPwned.
- These metrics consider a password length of 650 characters to be the “sample space,” which is finite.
- For a detailed explanation of the limitations or more, visit this link.
Find out more on Hive Systems’ methodology here.