Long Passwords are no Longer the Best Defense Against Hackers

Posted: January 01, 1970

[caption id="attachment_11556" align="alignright" width="425"]© jamdesign - Fotolia.com[/caption]Sorry but your new password must contain an uppercase letter, a number, a haiku, a hieroglyphic, and your left foot. Even with ridiculously long and complex passwords you’re not safe from hacker attacks. Learn how you can minimize damage brought from password crackers.

Jared Newman, PCWorld author, explains how long passwords can be cracked, as well as how you can protect yourself.

Not even long passwords will save you from a hack attack

Passwords with dozens of characters are supposed to be a natural defense against hackers, because they're that much harder to crack compared to short passwords. But not anymore.

As Ars Technica reports, the speedy password-cracking software ocl-Hashcat-plus can now crack passwords with around 55 characters, an increase from 15-character support in the previous version. Jens Steube, Hashcat's lead developer, said in the software's release notes that support for longer passwords was “by far one of the most requested features.”

Because some web services are more lax about security than others, and because no site is ever completely hack-proof, you can't really expect passwords to stay secure forever. Still, most reputable sites will “hash and salt” users' passwords, essentially using cryptography and adding other unique information to each individual password. This makes it harder for hackers to discover the actual passwords after stealing them. But, with the help of cracking software, hackers can still make lots of rapid fire guesses to eventually figure out people's hashed passwords. (Hashcat for instance, can make 8 billion guesses per second.)

Read the full article "Not Even Long Passwords Will Save You From A Hack Attack" on PCWorld.