Did you know that hackers can crack an 8-character password hash in under 8 hours, whereas a 10-character password hash can take over 8 years? Password strength and complexity is extremely important, and if done right, can help prevent attackers from compromising your data. Today we are going to look at just how easy it is for attackers to crack a simple password, how long it takes attackers to crack a complex password, and Mnemonix’s best practice guidelines for creating a strong, unique password.
Cybersecurity experts make recommendations for strong, unique passwords for several reasons. Every day, malicious cyberattacks occur that compromise websites, online accounts, network information and more. This information is then posted which exposes people’s passwords, emails, personal information and more. If your password happens to get compromised and contains personal information, the attackers now have your credentials, and possibly personal information about yourself. Therefore, experts recommend your passwords are not only strong, but unique.
We’d like to look at the differences in the time it takes to crack a password based on complexity. For this instance, we will assume each password contains at least 1 upper case letter, 1 lower case letter, a number, and a special character. In a Windows environment, NT LAN Manager (NTLM) is a suite of Microsoft security policies intended to provided authentication, integrity, and confidentiality to users. Experts have run tests to see how long it would take to crack a NTLM password hash, and the results are as follows:
1.Any 8-character NTLM password hash can be cracked in under 8 hours
2.Any 10-character NTLM password hash can be cracked in just over 8 years.
3.Any 12-character NTLM password hash can be cracked in roughly 34,000 years.
a.Note the time difference by just having 2 additional characters.
Keep in mind, these results were generated in a testing environment, and are meant for educational purposes. As we can see, passwords become much more difficult to crack via brute force when they contain more characters. Passwords can be cracked much faster using attack methods such as phishing, key-logging and with the use of other malicious viruses, which is why it is important to have a routine of changing your password often. To ensure your accounts stay safe, Mnemonix recommends utilizing two-factor authentication wherever possible. This adds an extra layer of security that makes it extremely difficult for attackers to gain access to your information. Mnemonix also recommends using a password length of at least 12 characters, including at least 1 upper case letter, 1 lower case letter, 1 special character and 1 number. It is best to keep these passwords unique by avoiding the addition of patterns, personal information, and names. If you have an administrator account, or elevated access on your network, it is best to use a password at least 25 characters in length. Where it may be tedious at times to remember longer passwords, there are many safe tools in the market that will store your passwords and keep them safe. Using best practices when creating passwords can save your business money in the long run as it will limit your risk of being compromised. If you have any questions or concerns regarding password security, and best practice when creating a password policy, please reach out to Mnemonix.
Cybersecurity experts make recommendations for strong, unique passwords for several reasons. Every day, malicious cyberattacks occur that compromise websites, online accounts, network information and more. This information is then posted which exposes people’s passwords, emails, personal information and more. If your password happens to get compromised and contains personal information, the attackers now have your credentials, and possibly personal information about yourself. Therefore, experts recommend your passwords are not only strong, but unique.
We’d like to look at the differences in the time it takes to crack a password based on complexity. For this instance, we will assume each password contains at least 1 upper case letter, 1 lower case letter, a number, and a special character. In a Windows environment, NT LAN Manager (NTLM) is a suite of Microsoft security policies intended to provided authentication, integrity, and confidentiality to users. Experts have run tests to see how long it would take to crack a NTLM password hash, and the results are as follows:
1.Any 8-character NTLM password hash can be cracked in under 8 hours
2.Any 10-character NTLM password hash can be cracked in just over 8 years.
3.Any 12-character NTLM password hash can be cracked in roughly 34,000 years.
a.Note the time difference by just having 2 additional characters.
Keep in mind, these results were generated in a testing environment, and are meant for educational purposes. As we can see, passwords become much more difficult to crack via brute force when they contain more characters. Passwords can be cracked much faster using attack methods such as phishing, key-logging and with the use of other malicious viruses, which is why it is important to have a routine of changing your password often. To ensure your accounts stay safe, Mnemonix recommends utilizing two-factor authentication wherever possible. This adds an extra layer of security that makes it extremely difficult for attackers to gain access to your information. Mnemonix also recommends using a password length of at least 12 characters, including at least 1 upper case letter, 1 lower case letter, 1 special character and 1 number. It is best to keep these passwords unique by avoiding the addition of patterns, personal information, and names. If you have an administrator account, or elevated access on your network, it is best to use a password at least 25 characters in length. Where it may be tedious at times to remember longer passwords, there are many safe tools in the market that will store your passwords and keep them safe. Using best practices when creating passwords can save your business money in the long run as it will limit your risk of being compromised. If you have any questions or concerns regarding password security, and best practice when creating a password policy, please reach out to Mnemonix.