When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe.
So as you can see, from just a rudimentary brute force perspective, the longer a password is in length, the harder it is to crack. 14 characters would take many years to brute force, even with today's processing power, so it takes away some of the cracking options from an adversary's toolbox.
A 14-character password coupled with multi-factor authentication provides solid security. It will also make you more comfortable removing password complexities. Combats common reuse issues. While users will continue to “reuse” passwords, making only minimal changes, a longer phrase or password helps improve security.
Even if that number only password is 14 numbers (that's nearly 100 trillion number combinations), it only takes four days to crack a password even that size; Want to use all upper and lower case letters instead?
So: 6.6 bits/character * 14 characters = 92.4 bits.
Answer: 14 characters is between 2 words and 4 words with spaces included in the character count. If spaces are not included in the character count, then 14 characters is between 2 words and 5 words.
For simple passwords that contain only numbers or lowercase letters, the results were almost instant. Meanwhile, the same system would need 400 years to decode them if stronger hashing functions like bcrypt are in use. For a complex 12-character password, the duration Hive estimate is 14 billion years.
Increasing the password complexity to a 13 character full alpha-numeric password increases the time needed to crack it to more than 900,000 years at 7 billion attempts per second. This is, of course, assuming the password does not use a common word that a dictionary attack could break much sooner.
Long passwords are stronger, so make your password at least 12 characters long. These tips can help you create longer passwords that are easier to remember.
Make your password 14 to 16 characters or more!
Experts agree that length is a critical element of password strength. In fact, the National Institute of Standards and Technology (NIST) states, Password length has been found to be a primary factor in characterizing password strength.
A 15-character password is often considered good protection for up to a year. Most security guidelines also insist on character complexity, which usually means that the password must contain multiple character sets, such as uppercase alphabetic characters, numbers, keyboard symbols, and so on.
Password Cracking: FAQs
A 12-character password that only uses numbers will take just a second to crack, but 14-character passwords that use numbers, symbols, upper case, and lower case letters can take millions of years.
To say it another way, a password that is 16 characters long made up of only numbers provides the same level of difficultly-to-crack as an 8-character password made up of the possible 94 possible characters.” It seems though as a combination of approaches might work better: lengthy and fairly complex passwords.
Use long, complex passwords that use spaces, capital letters, lower case letters, numbers and special characters. To make them easier to remember, consider using a sentence that has meaning to you.
Use multiple character types.
There's a reason more and more organizations are requiring passwords made with both uppercase and lowercase letters as well as symbols and numbers. When you include all character types, you maximize the amount of possibilities per character, which makes your password harder to crack.
Uncrackable passwords use ALL available character types – uppercase, lowercase, numbers, and symbols. The absolute minimum length for an uncrackable password is 11 characters (assuming the password uses a mix of all character types).
Password length refers to the number of characters (letters, numbers, punctuation marks, etc.) in a password. Experts recommend using longer passwords when possible. The longer a password is, the more possible permutations it has, making it harder and harder for cybercriminals to crack.
Password: m#P52s@ap$V
This is a great example of a strong password. It's strong, long, and difficult for someone else to guess. It uses more than 10 characters with letters (both uppercase and lowercase), numbers, and symbols, and includes no obvious personal information or common words.
In contrast, the time required for LMG to compute the full 10-character space is just over 8 years, 12 characters is 77,000 years, 14 characters is 710.5 million years, and 16 characters is 6.5 trillion years.
This makes the 16 character, letters-only password (91 bits) 8 million times harder to guess than the 12-character (68 bits) one, while the 12-character password with numbers (71 bits) is only eight times harder to crack than the letters-only one.
Mix Word and number together randomly
Mix Word and number together randomly (mix uppercase and lowercase). For example, 2 words “Scotfield” and “01255447689”, mix it randomly and become “S012cot5544fie76ld89”, frankly… i do not think is it possible to crack, but it very hard to remember also.
If a password is only four or five characters (whether they are just numbers or a combination of numbers, letters and symbols), there's a very high chance that it will be hacked instantly. However, if a password is only numbers and up to 18 characters, it could take a hacker up to nine months to crack the code.
For the example of six lowercase letters above, the computation results in 29 bits; for the more complex, 12-character example, it is 75 bits. (Mathematicians refer to the possibility spaces as having entropy of 29 and 75 bits, respectively.)
If a password is set of 8 characters, using the NIST recommendation of choosing a randomly generated string of 8-characters, using a top-of-a-range GPU that was available in 2018 (RTX 2080) it would take 4 hours to crack a password with numbers, upper- and lower-case letters, and symbols.