We should start talking about passphrases, not passwords. According to one Georgia Institute of Technology study, any password shorter than 12 characters is vulnerable to attack. The length of your password, as well as its quality (such as using a combination of alphanumeric characters), matters a lot when it comes to computer security.
A standard English keyboard has 95 letters and symbols, and you should take advantage of them to write full sentences as your password. Knowledge about a user may suggest possible passwords (such as pet names, children’s names, etc.), so estimates of password strength must also take into account resistance to this attack.
The ideal password length is 12 characters
The Georgia Tech Research Institute study on brute forcing passwords suggests a 12-character password length to strike the right balance between convenience and security. Assuming a hacker can try 1 trillion password combinations a second, it would take him 180 years to crack an 11-character password; this number would increase to 17,134 years for a 12-character password.
How to create a strong password?
- Include numbers, symbols, upper and lowercase letters in passwords.
- Avoid any password based on repetition, dictionary words, letter or number sequences.
- Use capital and lower-case letters.
- A password must be easy to remember and not force insecure actions like writing it down on notes.
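The brute-force figures and the rules above can be checked with a short script. This is an added example, not code from the study: it goes beyond the article by also computing how many random Diceware words match a 12-character password, and the function names, the tiny sample word list, and the exact meaning given to "repetition" and "sequence" are assumptions made for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1e12            # attacker speed assumed in the article
SECONDS_PER_YEAR = 365 * 24 * 3600   # 365-day year
KEYBOARD_SYMBOLS = 95                # characters on a standard English keyboard
DICEWARE_WORDS = 6 ** 5              # 7776 words, one per roll of five dice
SAMPLE_WORDS = {"password", "dragon", "monkey"}  # constructed stand-in for a dictionary

def years_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Years needed to try every string of `length` symbols at `rate` guesses/s."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR

def diceware_words_needed(chars, alphabet_size=KEYBOARD_SYMBOLS):
    """Fewest random Diceware words matching a random `chars`-character password."""
    bits = chars * math.log2(alphabet_size)
    return math.ceil(bits / math.log2(DICEWARE_WORDS))

def check_password(pw, wordlist=SAMPLE_WORDS):
    """Return the rules from the list above that `pw` breaks (empty list = none)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing a character class")
    low = pw.lower()
    codes = [ord(c) for c in low]
    triples = list(zip(codes, codes[1:], codes[2:]))
    # Assumption: "repetition" means the same character three times in a row.
    if any(a == b == c for a, b, c in triples):
        problems.append("repeated characters")
    # Assumption: a "sequence" is three neighbours in a row, e.g. abc or 321.
    if any(b - a == c - b and abs(b - a) == 1 for a, b, c in triples):
        problems.append("letter or number sequence")
    if any(word in low for word in wordlist):
        problems.append("contains a dictionary word")
    return problems

if __name__ == "__main__":
    for n in (11, 12):
        print(f"{n} chars: {int(years_to_exhaust(KEYBOARD_SYMBOLS, n)):,} years")
    print("Diceware words to match 12 chars:", diceware_words_needed(12))
    print(check_password("abc123"))
```

The time estimate only holds for passwords chosen at random; a password that fails any of the checks is found far sooner than exhaustive search suggests.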
According to one of the study authors, if an attacker wants to crack many passwords quickly, once he’s built a rainbow table it might then take only about 10 minutes per password rather than several days. A rainbow table encodes the hashes of the most common passwords, and the attacker uses that database to quickly check them against your hidden password.
Solutions to create secure passwords
Instructions to create the best random password possible: Diceware
Store your passwords encrypted online: LastPass
Free secure password manager for desktop computer: KeePass