Password Security
I wrote this up for work after getting a complaint about a 12-character minimum password length I set for my upcoming website launch. I figured it was worth sharing.
That 8-character password of yours? If it’s just letters (both upper and lower case), it can be hacked in 3 hours using a single desktop computer. Making this 9 characters increases the time to 8 days. 12 characters: 3000 years.
Adding in numbers or special characters does not solve the problem. An 8-character password with one number and one special character is still hackable in 5 days.
This gets worse every year, as computing power increases. And a hacker using a network of computers can do it in less time than that. (They probably stole that network of computers by using — wait for it — hacked passwords.)
Check your password hack time using this site: https://howsecureismypassword.net/
The solution is to use longer passwords. One easy way to do this is to use “pass phrases”: 4 typical words strung together. XKCD did a great job of explaining this:
Better yet, use a password manager to generate long, random, unique passwords for every site you visit. I use 1Password and like it a lot: https://agilebits.com/onepassword
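The arithmetic behind the figures above, together with a passphrase generator, as an added example (not part of the original post). It assumes 4 billion guesses per second, a rate picked because it roughly reproduces the post's numbers, and a 7776-word list size as used by diceware-style lists; the function names and the sample word list are constructed for illustration.

```python
import math
import secrets

# Assumption: 4e9 guesses/second, chosen because it roughly reproduces the
# post's figures (8 letters ~ 3 hours, 9 ~ 8 days, 12 ~ 3000 years).
GUESSES_PER_SECOND = 4e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(symbols: int, length: int) -> float:
    """Entropy when each of `length` positions is a uniform random pick
    from `symbols` choices (characters, or whole words for a passphrase)."""
    return length * math.log2(symbols)

def exhaust_seconds(symbols: int, length: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return symbols ** length / rate

def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

def make_passphrase(wordlist, words: int = 4, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG; the estimates only hold for random picks."""
    unique = sorted(set(wordlist))
    if len(unique) < 2:
        raise ValueError("wordlist needs at least two distinct words")
    return sep.join(secrets.choice(unique) for _ in range(words))

# Constructed sample list, far too small for real use; substitute a large
# published list (7776 words gives about 12.9 bits per word).
SAMPLE_WORDS = ["orbit", "maple", "velvet", "candle", "harbor", "pixel", "meadow", "anchor"]

if __name__ == "__main__":
    rows = [
        ("8 letters", 52, 8), ("9 letters", 52, 9), ("12 letters", 52, 12),
        ("4 words of 7776", 7776, 4), ("6 words of 7776", 7776, 6),
    ]
    for label, symbols, length in rows:
        print(f"{label:>16}: {entropy_bits(symbols, length):5.1f} bits, "
              f"{humanize(exhaust_seconds(symbols, length))}")
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
```

At the assumed rate, four random words from a 7776-word list land in the same range as nine random letters, while six words exceed the 12-letter figure.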