Geek Dashboard Home
HomeNews

“Stop Using 8 Character Passwords” They Can Be Guessed in 2 Hours, Says Researchers

3 min read

Today no one is alien to passwords. Almost all the online services need you to sign into their platform. It is essential for you to have a username and password to do so. However, many sites use Google and Facebook accounts to get into their services.

Whichever the platform be, you have to keep your passwords complicated. Taking the ease of remembrance into consideration, most of us always try to keep the number of characters as low as eight. Is it a wise move?

Eight Character Passwords can be Guessed in 2.5 Hours; Say, Researchers

Image source: gadgets.ndtv.com

You know the password norms on websites, don’t you? They ask you to fill in a mix of alphanumeric upper and lowercase characters, at least eight in number. For many years, online services have been following the same rule.

Also Read: How to Find WiFi Passwords on iPhone and iPad [4 Ways]

Nonetheless, the same norm has already gone outdated. The complex password of eight characters that you thought hard to generate can easily be cracked within hours. An open source password recovery tool, HashCat has displayed the ability to crack an eight-character Windows NTLM hashtag within 2.5 hours! Yeah, you can watch a movie within this time.

A security expert named Tinker involved in the project has tweeted a few days ago about the death of eight-character passwords. His team used HashCat beta 6.0 coupled with eight Nvidia GTX 2080Ti GPUs to pull off this offline attack. It means the process needs one heck of power for completion.

Also Read772 Million Email IDs and their Passwords Leaked; Massive Data Breach Ever?

In case you don’t know, NTLM is an outdated Windows authentication protocol. Nonetheless, Tinker thinks regular Windows versions are not out of the reach for cracking passwords.

He also tweeted out that cracking a so-called safe eight-character password with upper, lower, number, and symbol is a walk in the park. They only take 1 hour and 15 minutes for it. Moreover, if the password with a name or a word no matter you capitalize it or not, would only take a few minutes to crack.

Also Read: Reset Easy File Locker Password to View Hidden Files

In order to grasp the severity of the news, you have to know the regular password guidelines of Google, Microsoft, Facebook, and Twitter. The first two need only eight characters to keep your credential safe, on the contrary to six the last two require. The attack called by the brute force doesn’t slow down until success when done through a program.

How can you stay safe then? Tinker suggests you should use a password manager to generate random phrases with maximum character length. And, don’t forget to make use of multi-factor authentication.

Do you have an eight character password? Go change it straight away.

Be the Change!

Spread the word and help us create better tech content

Facebook Twitter Reddit WhatsApp Pinterest
Avatar for Rahul Krishnan

Rahul Krishnan

Facebook

Rahul Krishnan, a wordsmith from Kerala, India is always in lookout for his next article idea. He is a fanatic reader. And, the rumour is that his mom has recently hidden his debit card so that he can't buy books anymore. She doesn't know he has a spare one.

Read all 509 articles from Rahul

Comments

  1. Avatar for AnujAnuj says

    So, how long a password should be? And, please also tell me that which is the best password manager service to keep record of all my passwords