Urgent Weekend Project: Add Length to All Your 8-Letter Passwords

By Matthew Kaufman, May 10, 2023

When it comes to passwords, length has always played a crucial role in their security. With the radical advances we’ve been seeing in AI, however, relying on the “standard” 8-character type of passwords is no longer sufficient, even if it includes a mix of lowercase and uppercase letters, numbers and special characters.

Just last year, it would have taken 39 minutes for a hacker to run a brute-force attack that would successfully break your legacy password.

New research conducted by security firm Hive Systems reveals that with the help of AI tool ChatGPT, a complex 8-character password can now be cracked almost instantly! Thus, greatly strengthening shorter legacy passwords is no longer optional.

To ensure maximum security, it is essential to aim for the bottom-right portion of the graphic below by adding both length and complexity to your password. Aim for a password of at least 15 characters, incorporating complexity, for maximum peace of mind.

In addition to the advice outlined above, Hive Systems offers other key recommendations for keeping your logins safe:

  • Use a passphrase instead of a password: A passphrase is a lengthy combination of random words. Passphrases are generally more secure than passwords and easier to remember. For instance, a passphrase like “Sunset-b3each-sand?” would add valuable length while remaining easy for the user to remember.
  • Use a password manager: Since it is practically impossible to create and remember multiple complex and lengthy passwords on your own, a password manager is highly recommended. By employing a password manager for yourself or within your organization, you can generate, store and apply strong passwords for websites and online accounts.
  • Employ a strong master password: If you opt for a password manager, it is crucial to protect your stored passwords effectively. One way to achieve this is by creating a complex and lengthy master password or passphrase that you can remember.
  • Test your passwords: To evaluate the strength of a potential password, you can enter it on a website such as security.org for a valuable second opinion regarding how long it would take to crack your password.
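To see how length and randomly chosen words translate into search effort, here is a small Python sketch. It is an added example, not code from Hive Systems or KaufmanIT; the word list, the sample password and all function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed mini word list for demonstration only. A real generator should
# draw from a list of thousands of words so each word adds more entropy.
WORDS = ["sunset", "beach", "sand", "harbor", "maple", "copper", "violin",
         "meadow", "rocket", "pepper", "lantern", "glacier", "orchid",
         "thunder", "walnut", "pebble"]
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Size of the character pool a brute-force search must cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_bits(password):
    """Upper bound on search effort in bits: length * log2(pool size).
    Holds only if every character was chosen at random."""
    pool = charset_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_bits(word_count, wordlist_size):
    """Entropy of words picked uniformly at random from a known list."""
    return word_count * math.log2(wordlist_size)

def generate_passphrase(word_count=4, words=WORDS, sep="-"):
    """Pick words with a CSPRNG, then append a random digit and symbol."""
    picked = [secrets.choice(words) for _ in range(word_count)]
    return sep.join(picked) + secrets.choice(string.digits) + secrets.choice("!?#%")

def audit(password, min_length=15):
    """Flag passwords shorter than the 15 characters recommended above."""
    return {"length": len(password),
            "bits": round(brute_force_bits(password), 1),
            "meets_length": len(password) >= min_length}

if __name__ == "__main__":
    # "Tr0ub4d&" is a constructed 8-character sample using all four classes.
    for candidate in ("Tr0ub4d&", generate_passphrase()):
        print(candidate, audit(candidate))
```

The character-based figure is a ceiling: a passphrase built from a published word list is only as strong as `passphrase_bits` says, which is why the words must be picked at random and the list must be large.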

Of course, here at KaufmanIT we recommend what is almost certainly the best defense against a brute-force password attack: multi-factor authentication (MFA). Even a hacker who successfully cracks your password shouldn’t be able to access your account(s) if he or she can’t confirm identity via cell phone or a similar method.

If you’re uncertain how to establish MFA, we routinely include this protection for client accounts and can help you establish this vital defense mechanism quickly and cost-effectively. Contact us anytime for assistance.

That said, don’t rely on MFA alone – password strength is important.

We realize that going through and changing all your passwords might seem like a daunting task.

It’s true: if you choose not to use a password manager and instead opt to manually update each of your logins one at a time, it might take a couple of hours. For both the peace of mind and security it will create, however, we strongly suggest it would be time well spent. Consider opening the laptop during that next basketball game you’re going to watch on TV this weekend and make those updates.

Just like working out, the hardest part is getting started. If you do replace all those weak 8-character passwords with sturdy, new 14-16 letter versions, you’ll feel great about yourself afterwards, I promise!
