Password Construction and Retention

WHY:

According to both Forbes and ZDNet, one of the most common reasons that businesses get hacked is that they allow their users to choose weak passwords. As computing power continues to grow, it becomes much easier for attackers to crack weak passwords.

Assume that you use a password of 6 or fewer characters drawn from digits and upper and lower case letters (62 possible characters). There are roughly 58 billion such passwords. With the hardware of the time it was safe to assume that an attacker could test roughly 1 million candidates per second, and at that rate an attacker could try all 58 billion combinations in roughly 16 hours.

Now keep the same character set but allow 8 characters instead of 6. The new 8 character password has nearly 222 trillion possible combinations. At the same cracking speed it would take nearly 7 years to try all 222 trillion. By adding only 2 more characters we raised the number of combinations an attacker must attempt from 58 billion to 222 trillion, an increase of almost four thousand times. Note that 1 million guesses per second is a generous figure for the attacker: a modern GPU cracking rig tests fast, unsalted hashes such as MD5 or NTLM at billions of guesses per second, so the times above are upper bounds, and the argument for length holds all the more.

The key to a strong password is the size of the search space an attacker must cover, and that is set by two things: the length of the password and the variety of characters it draws from. Each additional character multiplies the number of possible combinations by the size of the character set, and the worst-case time to crack the password grows by the same factor.
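The estimates above, carried through as an added example (this code is not part of the original page). It generalises the page's two cases to any alphabet size, maximum length and guess rate: keyspace(62, 6) and keyspace(62, 8) reproduce the 58 billion and 222 trillion figures, and the table also covers a 95-character alphabet (letters, digits and the 33 printable ASCII symbols) and an assumed 10 billion guesses per second, a rate typical of a GPU attacking a fast unsalted hash. The 95-character set and the 10 billion/second rate are assumptions, not figures from the page.

```python
"""Keyspace and brute-force time estimates.

Added example, not code from the original page. Assumptions: passwords of length
1..max_len ("max_len or fewer characters"), a 62-symbol alphabet for the page's cases,
a 95-symbol alphabet (adds the 33 printable ASCII symbols) for the extended rows, the
page's 1,000,000 guesses/second, and an assumed 10 billion guesses/second for a GPU
attacking a fast unsalted hash.
"""

ALNUM = 26 + 26 + 10           # a-z, A-Z, 0-9: the page's 62-character alphabet
ALNUM_SYMBOL = ALNUM + 33      # plus printable ASCII symbols: 95 (assumed extension)

PAGE_RATE = 1_000_000          # guesses/second, as assumed by the page
GPU_RATE = 10_000_000_000      # guesses/second, assumed for a fast unsalted hash
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Count all passwords of length 1..max_len over an alphabet of the given size."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def seconds_to_exhaust(alphabet_size: int, max_len: int, rate: int) -> float:
    """Worst-case seconds to try every candidate at `rate` guesses/second."""
    return keyspace(alphabet_size, max_len) / rate


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 30 * 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.1f} years"


def table(rate: int, lengths=(6, 8, 10, 12)) -> list:
    """Rows of (alphabet label, max length, keyspace, seconds) for the given rate."""
    rows = []
    for size, label in ((ALNUM, "letters+digits"), (ALNUM_SYMBOL, "letters+digits+symbols")):
        for n in lengths:
            rows.append((label, n, keyspace(size, n), seconds_to_exhaust(size, n, rate)))
    return rows


if __name__ == "__main__":
    for rate in (PAGE_RATE, GPU_RATE):
        print(f"\n--- {rate:,} guesses/second ---")
        for label, n, space, secs in table(rate):
            print(f"{label:22s} <= {n:2d} chars: {space:>28,d} candidates, {human(secs)}")
```

Running it shows the page's 16 hours and 7 years in the first table and, in the second, that the same 8-character alphanumeric space falls in about six hours at 10 billion guesses per second, which is why length beyond 8 characters matters more than the 1 million/second arithmetic suggests.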

HOW:

To ensure your users' passwords are strong, we recommend the following guidelines for creating a password:

  • Contain at least 8 characters.
  • Contain both upper and lower case letters.
  • Contain at least one number.
  • Contain at least one symbol.
  • Change password every 90 days.
  • Do not reuse previously used passwords.
  • Do not write down passwords.
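One way to enforce the construction and no-reuse rules above at password-change time, as an added example (not the page's own code). It checks length, character classes and reuse, and it keeps previous passwords only as salted PBKDF2-HMAC-SHA256 hashes so that the history itself never reveals an old password; the storage format (salt, digest) pairs, the 600,000 iteration count and the sample passwords are assumptions for the example.

```python
"""Password policy check.

Added example, not the page's own code. Assumptions: previous passwords are stored as
(salt, digest) pairs from PBKDF2-HMAC-SHA256 with 600,000 iterations; the rule set is
the page's list (8+ characters, upper, lower, digit, symbol, no reuse).
"""
import hashlib
import hmac
import os
import string
from typing import List, Optional, Sequence, Tuple

MIN_LENGTH = 8
SYMBOLS = set(string.punctuation)
PBKDF2_ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256

HistoryEntry = Tuple[bytes, bytes]   # (salt, digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Return (salt, digest); a fresh 16-byte random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def was_used_before(password: str, history: Sequence[HistoryEntry]) -> bool:
    """True if the candidate matches any stored (salt, digest) pair.

    Each entry has its own salt, so the candidate is re-derived per entry and compared
    in constant time; the plaintext history is never needed.
    """
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def policy_violations(password: str, history: Sequence[HistoryEntry] = ()) -> List[str]:
    """Return every guideline the candidate breaks; an empty list means it is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"fewer than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    if was_used_before(password, history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample history: one previous password, stored hashed.
    history = [hash_password("Summer2024!")]
    for candidate in ("short", "Passw0rd", "Summer2024!", "Tr0ub4dor&3"):
        print(f"{candidate!r}: {policy_violations(candidate, history) or 'OK'}")
```

On a successful change the new password's (salt, digest) pair is appended to the history and the oldest entries are trimmed to whatever depth the policy requires; the reuse check never needs a plaintext list of old passwords, which is the point of hashing them.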