August 22, 2010

12-Character Passwords Should Be A Standard

The Georgia Institute of Technology found that a 12-character password is more effective than an eight-character password.

The researchers used clusters of graphics cards to crack eight-character passwords in less than a couple hours.

However, when the team applied 12-character passwords they discovered that it would take 17,134 years to crack the password.

"The length of your password in some cases can dictate the vulnerability," Joshua Davis, a research scientist at the Georgia Tech Research Institute, told CCN.

Richard Boyd, a senior research scientist who also worked on the project, told CNN that it is hard to say what will happen in the future, but 12-character passwords should be standard.

Researchers say that 12-character passwords are recommended because that number strikes a balance between "convenience and security."

The team said a sophisticated hacker might be able to try 1 trillion password combinations per second, which could still take 180 years to crack.

Passwords have gotten longer over time, and security experts recommend that people use full sentences as passwords.

Boyd told CCN that even though advances in cheap computing are making complicated passwords a necessity, not all websites will accommodate them.

He said that it is best to use the longest and most complex password a site will allow.

More characters allow more permutations, and it soon becomes more difficult for a computer to be able to generate the correct password by guessing.

The researchers from Georgia Tech carried out "brute force" attacks when they decided that passwords should be at least 12-characters long.

They employed a computer graphics card, which is cheap and can be programmed to do basic computations quickly.

The processors in those cards run simultaneously, trying to guess all of the possible password combinations.

Websites like Facebook are marketing their log-ins and user names as a way to access sites all across the Internet.

The researchers said that is good for the user, but is potentially dangerous because if hackers figure out a single password, they can access multiple websites.

The researchers said that the reason passwords have to keep getting longer is that computers and graphics cards are getting faster.

"These things are really inexpensive -- just a few hundred dollars -- and they have a performance that's comparable to supercomputers of only just a few years ago," Boyd told CNN of fast-processing graphics cards.


On the Net: