Password Complexity Recommendations: xezandpAxat8Um or P4$$w0rd!!!!

Abstract

The password-cracking world is in turmoil. Many new technologies, such as graphic cards (e.g. NVidia CUDA or ATI/AMD GPUs), make easily available computing power that was previously reserved to very rich organizations. Many efficient tools followed using these technologies, for better or for worse. This report illustrates the type of performance one can obtain from a generic $2,000 computer and the lessons to learn on password length for different web sites and software programs. The larger conclusion is that an 11-character password, containing uppercase-lowercase-digits-symbols, is the ideal length for the foreseeable future when no other information is available. More characters are always better; less can be dangerous in the current state of the technology. The use of a password manager, a program that generates and manages strong, complex passwords, is strongly recommended.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2014
Accession Number
AD1004021

Entities

People

  • Martin Salois

Organizations

  • Defence Research and Development Canada

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Algorithms
  • Classification
  • Commerce
  • Computers
  • Cryptography
  • Databases
  • Dictionaries
  • Frequency
  • Language
  • Mobile Phones
  • Operating Systems
  • Personality
  • Security
  • Social Media
  • Statistical Analysis
  • Websites
  • Words (Language)

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.
  • Systems Analysis and Design