How Long is Strong?
You might imagine that a seven character password is very difficult to crack. However, if we were to try guessing every possible seven character password using an automated tool, it would take just two days to work through all the permutations on a typical desktop PC.
Even worse, most people choose simple passwords - perhaps using the name of their partner with a number appended, or some other word commonly found in a dictionary. An attacker with the right software can try most words and proper nouns, each with one or two numbers appended, in just a few minutes.
It Gets Worse ...
There is another threat to Windows passwords: rainbow tables. Putting it simply, these are lists of passwords with their encrypted equivalents, making the process of finding a password very fast indeed. Since the tables contain both the encrypted password and its corresponding plain text, you are effectively looking up the password rather than needing to guess it.
The only restriction for rainbow tables is size - the longer the password you are trying to guess, the larger the tables need to be.
What About 'Complex' Passwords?
The traditional response to the problem of weak passwords is to encourage users to use a combination of random letters, numbers and symbols.
Unfortunately, such passwords are impossible for the average person to remember, resulting in other serious problems such as passwords being written on post-it notes or hidden under the keyboard where even inexperienced attackers can find them.
If you decide to make a complex password memorable,
What's the Answer?
The maximum length of a Windows password was increased to a massive 127 characters many years ago. Although the 'change password' dialogue box limits you to 32 characters, this still makes long, secure passwords possible.
So, instead of trying to memorise a complicated string of numbers, letters and symbols, envisage the password as a passphrase.
A phrase such as “I.love.green.tomatoes” is very easy to remember, yet all but impossible to crack using any automated tools.
Isn't it time you considered switching to passphrases?
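The comparison above can be put into numbers with a small estimator. This is an added example, not part of the original article: it compares a character-by-character search with a word-level search for a random seven character password, a name with digits appended, and the passphrase. The guess rate is derived from the article's two-day figure on the assumption that it covers all 95 printable ASCII characters; the word list and the 100,000-word dictionary size are also assumptions.

```python
import re

# Assumption: the page's "seven characters in two days" figure is read as all
# 95 printable ASCII characters; the page does not state the character set.
PAGE_RATE = 95 ** 7 / (2 * 24 * 3600)  # guesses per second, roughly 4e8

# Constructed sample word list; ASSUMED_DICT_SIZE models a full dictionary.
SAMPLE_WORDS = {"i", "love", "green", "tomatoes", "susan", "dragon"}
ASSUMED_DICT_SIZE = 100_000

CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]

def brute_force_guesses(pw):
    """Size of the character-by-character search space for pw."""
    charset = sum(size for pattern, size in CLASSES if re.search(pattern, pw))
    return charset ** len(pw)

def word_guesses(pw, words=SAMPLE_WORDS, dict_size=ASSUMED_DICT_SIZE):
    """Size of a word-level search space, or None if pw is not built from words."""
    single = re.fullmatch(r"([A-Za-z]+)(\d{0,2})", pw)
    if single and single.group(1).lower() in words:
        return dict_size * 111  # each word with 0, 1 or 2 digits appended
    parts = re.split(r"[^A-Za-z0-9]+", pw)
    if len(parts) > 1 and all(p.lower() in words for p in parts):
        return dict_size ** len(parts)  # one dictionary choice per word
    return None

def estimate_seconds(pw, rate=PAGE_RATE):
    """Worst-case search time, using whichever search space is smaller."""
    guesses = brute_force_guesses(pw)
    by_word = word_guesses(pw)
    if by_word is not None:
        guesses = min(guesses, by_word)
    return guesses / rate

if __name__ == "__main__":
    for pw in ("x7#Qp2!", "Susan12", "I.love.green.tomatoes"):
        print(f"{pw!r}: {estimate_seconds(pw):.3g} seconds")
```

Under these assumptions the passphrase's strength comes from its four words rather than its 21 characters, so a policy that allows passphrases should look at word count as well as length.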
More Info
Get your copy of the full Windows passwords white paper
Test your password strength: http://password-checker.online-domain-tools.com/