Today no one is alien to passwords. Almost all the online services need you to sign into their platform. It is essential for you to have a username and password to do so. However, many sites use Google and Facebook accounts to get into their services.
Whichever the platform be, you have to keep your passwords complicated. Taking the ease of remembrance into consideration, most of us always try to keep the number of characters as low as eight. Is it a wise move?
Eight Character Passwords can be Guessed in 2.5 Hours; Say, Researchers
You know the password norms on websites, don’t you? They ask you to fill in a mix of alphanumeric upper and lowercase characters, at least eight in number. For many years, online services have been following the same rule.
Nonetheless, the same norm has already gone outdated. The complex password of eight characters that you thought hard to generate can easily be cracked within hours. An open source password recovery tool, HashCat has displayed the ability to crack an eight-character Windows NTLM hashtag within 2.5 hours! Yeah, you can watch a movie within this time.
A security expert named Tinker involved in the project has tweeted a few days ago about the death of eight-character passwords. His team used HashCat beta 6.0 coupled with eight Nvidia GTX 2080Ti GPUs to pull off this offline attack. It means the process needs one heck of power for completion.
In case you don’t know, NTLM is an outdated Windows authentication protocol. Nonetheless, Tinker thinks regular Windows versions are not out of the reach for cracking passwords.
He also tweeted out that cracking a so-called safe eight-character password with upper, lower, number, and symbol is a walk in the park. They only take 1 hour and 15 minutes for it. Moreover, if the password with a name or a word no matter you capitalize it or not, would only take a few minutes to crack.
In order to grasp the severity of the news, you have to know the regular password guidelines of Google, Microsoft, Facebook, and Twitter. The first two need only eight characters to keep your credential safe, on the contrary to six the last two require. The attack called by the brute force doesn’t slow down until success when done through a program.
How can you stay safe then? Tinker suggests you should use a password manager to generate random phrases with maximum character length. And, don’t forget to make use of multi-factor authentication.
Do you have an eight character password? Go change it straight away.