How long should a password be?

  • Between 5 and 8 characters: 2 votes (3.4%)
  • Between 8 and 12 characters: 22 votes (37.9%)
  • Between 15 and 20 characters: 17 votes (29.3%)
  • 20 characters or more: 14 votes (24.1%)
  • Length doesn't matter: 3 votes (5.2%)

  • Total voters: 58

TairikuOkami

This is getting bothersome, another service asking me to change my unanimous password, like 5th one this year alone.
I like my Password123, it is unique, even though I have received several attempts to login to my "useless" accounts. 😹

jetman

My (limited) understanding is that hackers can access websites using one of 4 main techniques...

1. Social engineering methods (no hacking required).

2. Trying out previously compromised login credentials (which can be purchased on the dark web) on multiple websites in the hope that some will work. This is why unique passwords for each site are important.

3. Using brute force techniques to try to guess passwords (which is why length and complexity are important). This is also why it's good to avoid dictionary words or common phrases.

4. Directly hacking websites to find databases containing the login credentials of each user. This is out of the control of the user as you just have to trust the security policies of the website holding your password. Whether a stolen password database is of any use to the hacker depends on how it is stored. Plain text would be very easy to exploit, whereas 'salted' hash values would be very difficult to exploit. However, if the database contains unsalted hash values (as many apparently do) then it is open to attack using Rainbow Tables. In that case, it doesn't matter how long or complex a password is - every account is potentially at risk of being breached - even if a password is a 128-character-long string of random characters.

Please can someone tell me if I am correct about this?

Have I got anything wrong?
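
The difference between unsalted and salted password storage raised in point 4 of the post above, shown as an added example that is not part of the original thread. The candidate list, the function names and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations as the salted, slow hash are assumptions made for illustration; it also checks a random 128-character password against the same precomputed table.

```python
import hashlib, hmac, os, secrets

# Constructed sample: passwords an attacker is assumed to have precomputed.
CANDIDATES = ["Password123", "letmein", "qwerty2020"]

def unsalted(pw):
    """Unsalted SHA-256: the same password always gives the same digest."""
    return hashlib.sha256(pw.encode()).hexdigest()

def build_table(candidates):
    """Precomputed digest -> password map (what a lookup/rainbow table provides)."""
    return {unsalted(pw): pw for pw in candidates}

def salted_hash(pw, salt=None, rounds=600_000):
    """Per-user random salt + slow KDF (assumed choice: PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds)

def verify(pw, salt, stored, rounds=600_000):
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(salted_hash(pw, salt, rounds)[1], stored)

def demo():
    table = build_table(CANDIDATES)
    # Two users with the same password, stored unsalted: identical digests,
    # and both fall to a single table lookup.
    a, b = unsalted("Password123"), unsalted("Password123")
    # Same password stored salted: different salts give unrelated digests.
    (s1, d1), (s2, d2) = salted_hash("Password123"), salted_hash("Password123")
    # A random 128-character password stored unsalted: its digest is only in
    # the table if that exact string was precomputed.
    rnd = unsalted(secrets.token_urlsafe(96))  # 96 bytes -> 128 characters
    return {
        "unsalted_identical": a == b,
        "unsalted_recovered": table.get(a),
        "salted_identical": d1 == d2,
        "salted_recovered": table.get(d1.hex()),
        "random_recovered": table.get(rnd),
        "login_ok": verify("Password123", s1, d1),
        "wrong_pw_ok": verify("letmein", s1, d1),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```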