Thankfully the days of organizations storing passwords in plain text are pretty much gone. Most are now hashed using algorithms that prevent hackers from reading the database easily.
But, as new research from Specops Software reveals, that doesn't necessarily make things safe. The quality of the password itself has a big impact on how long it will take to crack.
"The recent headline-making news of the possibilities of AI have some security researchers and IT teams wondering what this technology means for password security," says Darren James, senior product manager at Specops Software. "We've long known that passwords are vulnerable to brute force cracking attempts. Recent advancements in automation and hardware have made these attacks all the more accessible for today's cybercriminals."
The number and mix of characters is key here. With eight characters or fewer, even if you mix numbers, letters, symbols and case, you may as well not bother, as the password will be cracked in under three hours. At 10 characters things get better: a mix of numbers, letters and case will take 14 days to crack, and adding symbols buys you three years.
12 characters offers a nice sweet spot, with a password that's not too arduous to enter but will take 19 years to crack if it mixes upper and lower case, 159 years if you throw in some numbers, and 26,500 years with symbols added.
More than 12 characters and, provided it's not all lowercase letters or numbers, you'll be long dead before the hackers get into your account.
If your password has been previously compromised, however, then all bets are off. Which is why reusing passwords -- even long ones -- is a bad idea.
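As an added example (not from Specops or the original article), the Python below backs out the guess rate implied by the figures quoted above and applies it to arbitrary passwords, including one on a compromised list. It assumes exhaustive search of the full keyspace and alphabet sizes of 26, 52, 62 and 95 characters; neither assumption is stated on the page, and the sample passwords are constructed.

```python
import math
import string

YEAR = 365.25 * 24 * 3600  # seconds

# (length, alphabet size, reported worst-case seconds) from the figures quoted above.
# Alphabet sizes are assumed: 52 = upper+lower, 62 = +digits, 95 = +symbols/space.
REPORTED = [
    (10, 62, 14 * 86400),
    (10, 95, 3 * YEAR),
    (12, 52, 19 * YEAR),
    (12, 62, 159 * YEAR),
    (12, 95, 26500 * YEAR),
]

def implied_rate():
    """Geometric mean of keyspace / time across the reported points, in guesses/s."""
    logs = [math.log(alphabet ** length / secs) for length, alphabet, secs in REPORTED]
    return math.exp(sum(logs) / len(logs))

def alphabet_size(password):
    """Smallest assumed alphabet covering the character classes actually used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not (c.isascii() and c.isalnum()) for c in password):
        size += 33  # punctuation plus space; non-ASCII is lumped in here
    return size

def worst_case_seconds(password, rate, compromised=frozenset()):
    """Time to exhaust the keyspace; zero if the password is already known."""
    if password in compromised:
        return 0.0
    try:
        return alphabet_size(password) ** len(password) / rate
    except OverflowError:  # keyspace too large for a float
        return math.inf

if __name__ == "__main__":
    rate = implied_rate()
    print(f"implied rate: {rate:.2e} guesses/s")
    leaked = {"CorrectHorse2023!"}  # constructed stand-in for a breached-password list
    for pw in ["aB3$eF7!", "4815162342108", "Tr4il-Mix&Oats", "CorrectHorse2023!"]:
        print(f"{pw!r}: {worst_case_seconds(pw, rate, leaked) / YEAR:.3g} years")
```

The five data points agree to within about 10 percent of a single rate, which suggests the reported times are full-keyspace figures under the assumed alphabets.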
You can read more, including tips on reducing your risk, on the Specops blog.