Your Eight-Character Password is not as Strong as you Think

While online security has been an issue worth discussing for a long while now, it is still most definitely a subject worth addressing. While the average internet user might not necessarily be extremely technically minded or savvy, here are a few things that anyone who uses the Internet for serious things, such as correspondence and making payments for services, should consider.

  • X-Force Red, IBM Security's team of white hat hackers, recently ran an experiment to crack an eight-character password.
  • The experiment was run at what one would call "low power" – IBM's security team only used 80 GPUs, which is just a fraction of the power available to actual bad actors who have botnets at their disposal.
  • The control group of users for this experiment were asked to register and create their own passwords and said password was then protected in the usual manner.
  • The white hats running the experiment only used tools freely available online.
  • The average time it took for most eight digit passwords to be cracked was about half a minute.
  • Introducing a greater number and variety of symbols into the password than just letters increased the time it took to crack said password dramatically, sometimes - to more than a day and a half.

What does this all mean for the average internet user?

Well, it means that simple to remember eight digit passwords can't be relied on to keep your important personal online accounts safe. Even longer passwords are not good enough if they are comprised entirely of letters and don't include what would otherwise be considered "gimmicks" – such as symbols, etc. All in all, it's a good idea to adhere to a higher standard of security when choosing your passwords. Here are a few guidelines to follow:

  1. Make lengthier passwords. The length of the password you choose is directly linked to how much security that password actually provides. There are multiple studies, including the one mentioned above, that demonstrate that eight symbols are insufficient to keep an account safe. Experts recommend a minimum of 12 characters, and while significantly longer passwords are more difficult to remember and input, you should strive to make passwords as long as you can manage to ensure maximum security – even when the site in question does not ask for it.
  2. Vary the content of the password. The abovementioned study found that including capital letters, lower-case letters, numbers, symbols increases the time it takes for a bot to crack your password dramatically. Therefore – do so. Include as many of those as possible in your password.
  3. Try not to be predictable. There are certain things you can do with your passwords that may seem clever or might look like they are a good idea, but actually aren't. Substituting the letter "A" with a 4 will not actually change how difficult your password is to guess by a bot. Putting random symbols, capitalizations and numbers here and there, however, will. Do that instead. Setting up your password to be something along the lines of "incorrect", "followthewhiterabbit" or "thisismypassword" is an extremely bad idea as well. If you use words in your password, make sure it's not something obvious that sees a lot of everyday use, or something lifted directly from pop-culture. Make it something personal, a word or phrase related to a personal experience that no one else is likely to have had. A bot is unlikely to pull that out of a dictionary or online data dump any time soon.

These are the core practices that you should take into consideration when you compose a new password. Doing so will result in your passwords being more complex and thus – difficult to potential hackers to crack, even if they have advanced tools and more raw computing power at their disposal. In other words – this will noticeably increase your cybersecurity.

The downside is that you making longer, more complex passwords will likely interfere with your ability to remember and input them. This is especially true if you have multiple important correspondences, business or payment accounts that you need to access frequently. Unless you employ a password manager, longer passwords are a hassle, even if the extra layer of security they provide is undeniable.

However, no matter how much of a bother that may be, remember - you should NEVER fall into the trap of re-using the same password twice.

By Giles
November 14, 2018
Password Security
English
November 14, 2018
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

What is the Best Way to Create Strong Passwords in Google Chrome?

What's the key aspect of any reliable password? It's complexity, right? A chaotic grouping of numbers, letters (both upper and lower case), and symbols looks like the ultimate defense against hackers. Malware using... Read more

March 15, 2018
Password Security

Happy World Password Day! Now Go and Fix Your Passwords!

We have World Toilet Day and World Laughter Day. It's only logical to have a day dedicated to another thing we encounter on a daily basis – passwords. Security specialist Mark Burnett was the first person to suggest... Read more

May 3, 2018
Password Security

Why You Shouldn't Reuse Passwords

During your school years did you ever become frustrated when someone in your class shared the same name as you? Better yet, was there ever a time that someone improperly identified you as someone else? Such... Read more

March 14, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.