How to create a ‘super password’

Say goodbye to those wimpy, eight-letter passwords.

The 12-character era of online security is upon us, according to a report published this week by the Georgia Institute of Technology.

The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours.

But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap.

“The length of your password in some cases can dictate the vulnerability,” said Joshua Davis, a research scientist at the Georgia Tech Research Institute.

It's hard to say what will happen in the future, but for now, 12-character passwords should be the standard, said Richard Boyd, a senior research scientist who also worked on the project.

The researchers recommend 12-character passwords — as opposed to those with 11 or, say, 13 characters — because that number strikes a balance between “convenience and security.”

They assumed a sophisticated hacker might be able to try 1 trillion password combinations per second. In that scenario, it takes 180 years to crack an 11-character password, but there’s a big jump when you add just one more character — 17,134 years.

Passwords have gotten longer over time, and security experts are already recommending that people use full sentences as passwords.

Here’s one suggested password-sentence from Carnegie Mellon University:

“No, the capital of Wisconsin isn’t Cheeseopolis!”

Full story: How to create a ‘super password’ – CNN.com