
Why passwords must contain at least 9 characters

Complex passwords that are 9 characters long usually take about two days to crack, while shorter passwords can be cracked in an instant.

According to research by cybersecurity firm Hive Systems (USA), the easiest passwords to crack are usually those made up entirely of digits, or of only a few complex characters.

In particular, if the user sets a password containing only numbers, it will be cracked immediately, especially if the password consists of only 4-11 digits. But even with 18 digits, it takes hackers only about three weeks to crack it.

Setting a password with all digits is easiest for hackers to decipher. Source: Hive Systems

The strongest passwords, by contrast, consist of numbers, lowercase letters, uppercase letters and special characters. Hackers can still easily crack these types of passwords when they are only 4-6 characters long. But if the password is longer, cracking it can take anywhere from a few tens of minutes to billions of years.

According to experts, a password at the secure threshold should consist of 9 characters, including numbers, lowercase letters, uppercase letters and special characters. At this level, it would take at least two days to crack the password.

To determine how long it would take to crack a password, Hive Systems used data from the HowSecureIsMyPassword tool. On its blog, the group explains that it started with what’s known as “hashing”, the algorithmically controlled process that most websites use today to disguise stored passwords.

For example, if a user's account password is “password” and it is run through the common MD5 hashing software, the result is a string of characters: 5f4dcc3b5aa765d61d8327deb882cf99. When breaking into websites, hackers only see these characters.

The hashed password cannot be decrypted back into the original, because hashing is a one-way algorithm. However, hackers can list every possible combination of characters on the keyboard, and then hash those combinations themselves using common software. In the end, they just need to take this list and use special software to compare it against the hashes of stolen accounts; each match reveals a password. The time to perform this process depends on the complexity of the password.

Thus, hackers can immediately find out the password if the user sets it in a generic form such as “123456”, “password”, “111111”… In fact, these are also among the most popular passwords. For years, security experts have recommended against using them to avoid hacker attacks.
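The following is an added example, not code from the original article or from Hive Systems: it reproduces the article's MD5 digest and checks a password against the two-day threshold by estimating exhaustive-search time from its length and character classes. The guess rate is an assumption derived from the article's "18 digits in about three weeks" figure, and the 32-symbol special-character set is also an assumption, so the estimates will not match Hive Systems' table exactly.

```python
import hashlib
import string

# Passwords the article names as found immediately.
COMMON = {"123456", "password", "111111"}

# Assumption (not stated in the article): guess rate implied by its
# "18 digits in about three weeks" figure, i.e. 10**18 guesses in 21 days.
GUESSES_PER_SECOND = 10**18 / (21 * 24 * 3600)

# Character classes; string.punctuation is the 32 ASCII symbols (an assumption,
# the article does not say which special characters were counted).
CLASSES = [string.digits, string.ascii_lowercase, string.ascii_uppercase, string.punctuation]


def md5_hex(password: str) -> str:
    """Unsalted MD5 digest, as in the article's example."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def keyspace(password: str) -> int:
    """Candidates an exhaustive search over the classes actually used must try."""
    if any(all(c not in cls for cls in CLASSES) for c in password):
        raise ValueError("only digits, ASCII letters and ASCII punctuation are modelled")
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return alphabet ** len(password)


def worst_case_seconds(password: str) -> float:
    """Seconds to exhaust the keyspace at the assumed rate; 0 for listed passwords."""
    if password in COMMON:
        return 0.0
    return keyspace(password) / GUESSES_PER_SECOND


def meets_threshold(password: str, min_days: float = 2.0) -> bool:
    """True if the estimate reaches the article's two-day threshold."""
    return worst_case_seconds(password) >= min_days * 86400


if __name__ == "__main__":
    for pw in ["password", "12345678901", "aB3$xY", "aB3$xY9!q"]:  # constructed samples
        days = worst_case_seconds(pw) / 86400
        print(f"{pw!r}: {keyspace(pw):.2e} candidates, ~{days:.4f} days, ok={meets_threshold(pw)}")
```

The estimate is an upper bound for a blind exhaustive search only; a password that appears on a common-password list is found regardless of its length.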

Bao Lam (based on CNBC)
