15 character passwords are now: not secure

Back around 2017 or 2018, I remember reading that a 12 character password was good and a 15 would take '2 billion years' to crack.

As most of my friends know, I laugh anytime someone says that something in computers will take 2 billion years to crack. My response is: You can crack it in 10 years. Just do NOTHING for 9 years and 364 days, then crack it the last day.

2020.01:

All passwords with a length up to 15 characters cracked in < 15 hours with 4 Nvidia GTX 2080 Ti GPUs: 22.7 sextillion keys per second per GPU.

So, instead of a billion years, it took waiting 3 years and then buying the newest fastest video card, and you too can do 2 billion years of cracking in 15 hours!

My response: I am moving my 'minimum password length of 12 for important things' to 'minimum password length of 20' and in many cases 30.

But there is a problem with that. Banks and Government tend to NOT allow good passwords. They want short ones with silly rules like capital letters, numbers and symbols, rules that have been shown to decrease the strength and security of passwords for a variety of 'human' reasons.

Humans tend to swap 0 for O and 1 for l. All password crackers know that, so it essentially adds ZERO security while making the password harder to remember, and because it is harder to remember, the humans use 'easier' passwords for the rest!

Also, everyone (statistically) uppercases the 1st letter when required. And 1! added to the end of the password makes it pass all the rules.

I am amazed at how many sites will let me enter Password1! as my password and call it 'secure', when mypassword is actually MORE secure and mysillypassward is hundreds of times more secure.

Requiring passwords of 15 or 18 or 20 characters and dropping all the silly rules would in almost every case make passwords more secure.

Warning: Don't reuse passwords or password patterns. For example: mysillyTD means that once one is cracked, it is pretty easy to guess with no more than 100 attempts (which is a tiny number for a computer) that your Scotia bank password is mysillyScotia or mysillySc0tia.
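As an added example (not code from this post), here is a length-first password check a site could run at signup instead of the composition rules: it strips the predictable decoration described above before comparing against a denylist, and rejects passwords that embed the site name. The word list, the extra substitutions, the 8-character minimum in `legacy_rules_ok` and all function names are assumptions made for illustration.

```python
import re

# Constructed sample denylist; a real deployment would load a breached-password list.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty"}
# Swaps crackers already expect: 0 for O and 1 for l (from the post), plus similar ones (assumed).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def legacy_rules_ok(password):
    """The 'silly rules': a capital, a number and a symbol (8-char minimum is assumed)."""
    return bool(len(password) >= 8
                and re.search(r"[A-Z]", password)
                and re.search(r"\d", password)
                and re.search(r"[^A-Za-z0-9]", password))


def normalize(password):
    """Undo predictable decoration: case, a trailing digit/symbol run, leet swaps."""
    core = re.sub(r"[\d\W_]+$", "", password.lower())
    return core.translate(LEET)


def check_password(password, site_name, min_length=20):
    """Length-first policy. Returns reasons to reject; an empty list means accept."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if normalize(password) in COMMON_WORDS:
        problems.append("common word with predictable decoration")
    site = site_name.lower()
    if site and site in password.lower().translate(LEET):
        problems.append("contains site name")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs taken from the patterns discussed in the post.
    for pw, site in [("Password1!", "TD"), ("mysillySc0tia", "Scotia"),
                     ("purple kettle drives slowly north", "Scotia")]:
        print(pw, legacy_rules_ok(pw), check_password(pw, site))
```

Password1! passes the legacy rules but fails this check twice, while the long lowercase phrase fails the legacy rules and passes here.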


Published: 2020.Feb.10     Last edited: 2020.Feb.11
