Yes, Ladies and Gentlemen: Size Does Matter
Or, more specifically when it comes to passwords, length is critically important.
This means the “standard” 8 characters are no longer enough – even if your password is complex, meaning a combination of small- and large-cap letters, numbers and characters.
A new study from security firm Hive Systems shows that a complex 8-character password can now be cracked in 39 minutes. Drop a letter and make it a 7-character complex password? Just 31 seconds!
When aiming for the bottom-right, most secure portion of the graphic below, it is easy to see how vital adding some length to your password is… add complexity, too, and a 12-15 letter password should provide you with great peace of mind:
In addition to the simple advice above, here are some other key takeaways from Hive about keeping your logins safe:
- Use a passphrase instead of a password. A passphrase is a long string of often random words. Passphrases are often more secure than passwords but are usually easier to remember. For example: “sunset-beach-sand” uses words and a dash to separate each word and would take 2 billion years to crack, according to Security.org.
- Use a password manager. Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organization, you can generate, store and apply strong passwords for websites and online accounts.
- Use a strong master password. If you do adopt a password manager, you’ll want to protect your stored passwords as effectively as possible. The way to do that is through a strong master password. Create a complex and long password or passphrase that you can remember.
- Test your passwords. To gauge the strength of a potential password, enter it at a site such as Security.org. The site will tell you how long it would take to crack that password.
As always, organizations in need of help securing their networks can contact us for a free, no-obligation cybersecurity review.