Published: August 15, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
New upgrades to technology have made password-cracking a breeze. As a result, creating fortified passwords is more important than ever. We know rock-solid passwords do wonders in keeping intruders out, yet few of us actually use them. New data shows just how quickly, or not, different passwords get cracked these days depending on how they’re built.
Research by Specops Software gets to the nitty-gritty of how password assembly creates a stunning difference in the “crack-ability” of the guardians to your online accounts. That difference in cracking times depends on the length and mix of characters used. All the following examples come from Specops Software’s research.
In an Instant or in Thousands of Years
Two passwords with the same length of characters have very different cracking times depending on how they’re made. A 12-character, numbers-only password is cracked in an instant. Whereas the same 12-character password with a mix of numbers, upper- and lower-case letters and symbols takes 26.5 thousand years to break. With that kind of time, even cybercriminals know it’s time to move on.
Research also shows short passwords (eight characters) with a mix of upper- and lower-case characters is toast within two minutes. The best result for a short password is one mixing all character types. Even then, cracking takes up to 3 hours maximum. Hackers with reason to believe an account is worth the effort will take the time to crack that password.
The Mother of All Passwords
For the password curious, there’s one that’s the stuff of legends. That is, one that’s twenty-two characters long with a mix of all character types. The end result takes 2 septillion years to crack, and no one has that kind of time. For comparison, the same length using numbers only needs 490 years to crack. Now that’s more reasonable.
What to learn from all these examples is a mix of all characters in a long password is the best way to go. Only then will password cracking be extremely difficult and time-consuming for cybercriminals. Like putting multiple locks on your bike or adding “The Club” to the steering wheel of your car, the idea is for them to give up and move on to easier targets; like the account with “123456” or “Football” as a password. Whether you’re that easier target is up to you.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments