Technology has advanced so much in recent years that cracking passwords has become a lot easier. Once upon a time we thought that an 8-character password would be really hard to crack, but nowadays it turns out that we have invented the technology to crack an 8-character password in around 1 minute! A 10-character password could take around 14 hours to crack. That is why we need passwords that are longer than 13 characters. The longer the password, the harder it is to crack with brute-force attacks. Most security experts actually recommend we create passwords that are at least 15 characters long, or 20 characters to be on the safe side.
I have a very vivid memory of websites that wouldn’t support passwords bigger than 8 or 10 characters! But that was in the past! Now computers have become so powerful that we need to forget our old security habits.
It is recommended that we use random characters (letters, numbers and symbols) for the password. Normal words are too easy to crack! One could assume that brute-force attack programs have an algorithm that makes them search for word combinations first and then for random letters. That would explain why a 13-digit password with only the character 1 (1111111111111) takes one hour to crack, while a 13-digit password with random digits could take 1900 years to crack!
The problem is that when computing power increases, these numbers change. The more computers one can dedicate to password cracking, the faster it becomes. Maybe that’s why we need to start thinking about 20-character passwords.
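To see how length, character variety and guessing speed interact, here is an added example (not from the original post) that estimates the worst-case exhaustive-search time for a password and flags repeated or sequential patterns, for which that estimate is far too optimistic. The function names and the guess rate are assumptions chosen for illustration, so the output will not match the figures quoted above.

```python
import math
import secrets
import string

# Character classes used to size the brute-force search space.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (spaces, non-ASCII) count once each.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def entropy_bits(password):
    """Upper bound in bits: assumes every character was chosen at random."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def is_patterned(password):
    """True for repeats or simple runs (1111..., abcd..., 9876...)."""
    if len(set(password)) <= 2:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})

def worst_case_seconds(password, guesses_per_second):
    """Time to exhaust the whole search space at an assumed guess rate."""
    return alphabet_size(password) ** len(password) / guesses_per_second

def random_password(length=20):
    """Uniformly random password over all four classes, from the OS CSPRNG."""
    return "".join(secrets.choice("".join(CLASSES)) for _ in range(length))

if __name__ == "__main__":
    RATE = 1e10  # assumed guesses per second, not a figure from the article
    # Constructed sample passwords, plus two freshly generated ones.
    for pw in ("1111111111111", "correcthorse",
               random_password(13), random_password(20)):
        years = worst_case_seconds(pw, RATE) / (365 * 24 * 3600)
        print(f"{len(pw):2d} chars  {entropy_bits(pw):6.1f} bits  "
              f"{years:10.3g} years  patterned={is_patterned(pw)}")
```

Doubling the guess rate halves every estimate, while each extra random character multiplies it by the alphabet size, which is why added length outpaces added hardware.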
The more memorable a password is, the easier it is to crack. But if one can create a really long password, that would make up for being memorable!
How can one remember multiple long passwords though? For all the websites that we are using nowadays? The answer is a reliable password manager: a program that remembers all passwords for you and requires only a master password. Let us not confuse a password manager with browser plugins though. Many years ago, I used a sort of browser plugin to store all my passwords, only to realize afterwards how easy it was to decrypt them with a free tool I downloaded from the internet.
Here is what Snowden has to say about passwords: