Say goodbye to those wimpy, eight-letter passwords.
The 12-character era of online security is upon us, according to a report published this week by the Georgia Institute of Technology.
The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours.
But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap.
“The length of your password in some cases can dictate the vulnerability,” said Joshua Davis, a research scientist at the Georgia Tech Research Institute.
It's hard to say what will happen in the future, but for now, 12-character passwords should be the standard, said Richard Boyd, a senior research scientist who also worked on the project.
The researchers recommend 12-character passwords — as opposed to those with 11 or, say, 13 characters — because that number strikes a balance between “convenience and security.”
They assumed a sophisticated hacker might be able to try 1 trillion password combinations per second. In that scenario, it takes 180 years to crack an 11-character password, but there’s a big jump when you add just one more character — 17,134 years.
Passwords have gotten longer over time, and security experts are already recommending that people use full sentences as passwords.
Here’s one suggested password-sentence from Carnegie Mellon University:
“No, the capital of Wisconsin isn’t Cheeseopolis!”
Full story: How to create a ‘super password’ – CNN.com