Consumers encouraged to strengthen online passwords

Tuesday, August 24, 2010 - 21:24 by Mike Price

Security experts are again urging people to improve their level of online security by not only making their passwords difficult to guess, but by using more characters as hackers become increasingly sophisticated and consumers ever more vulnerable.

Researchers in the US now believe that it is safer to have a password that is 12 characters in length rather than one which is six, which had been the previously advised minimum used by most online retailers and other internet-based services.

There are several obvious benefits to having a longer, more complex password, not least of which is maintaining the ability to enjoy safe shopping online. However, the researchers at the Georgia Tech Research Institute recognise that remembering a 12 character password can be difficult, particularly when using randomised letters and numbers.

In a study, an eight character password was cracked in a little over 90 minutes using networked computers and harnessing not just their processors but also their graphics cards. The researchers claim that to crack a password that is just four characters longer using the same technique would take thousands of years.

Researcher Richard Boyd said that by exploiting the combined power of graphics processors (GPUs) it was becoming clear that six, seven and eight character passwords can no longer be deemed as secure and, as GPUs increase in power, the problem will only worsen.

A hacker leveraging processing power to attempt one trillion different password combinations every second would take 180 years to break an 11 character password, but by adding a single character, this jumps to over 17,000 years, according to Mr Boyd. He added that 13 character passwords were inconvenient for most people, with 12 characters being the "sweet spot" in terms of usability and security.

The brute force approach to password cracking is far from elegant, but with hackers working with ever more computing power to compromise safe shopping online, researchers believe that longer passwords are the best protection.